Register now for better personalized quote!

SAP releases patches for ICMAD vulnerabilities, log4j issues, more

Feb, 08, 2022 Hi-network.com

Three vulnerabilities with CVSS of 10, 8.1 and 7.5 have been patched by SAP after being discovered by cybersecurity firm Onapsis. 

The patches were were part of a group of 19 security notes released by the company about a range of security issues. Three of the vulnerabilities related to log4j and had a CVSS of 10. 

Recommends

How the top VPNs compare: Plus, should you try a free VPN?

We tested the best VPN services -- focusing on the number of servers, ability to unlock streaming services, and more -- to determine a No. 1 overall. Plus, we tell you whether free VPNs are worth trying.

Read now

The vulnerabilities found by Onapsis-- dubbed "ICMAD" -- allow attackers to execute serious malicious activities on SAP users, business information, and processes, which ultimately compromises unpatched SAP applications. The issues revolve around SAP's Internet Communication Manager (ICM), a core component of many of their applications. 

ICM is the SAP component that enables HTTP(S) communications in SAP systems. Because ICM is exposed to the internet and untrusted networks by design, vulnerabilities in this component have an increased level of risk, the companies explained. 

JP Perez-Etchegoyen, CTO at Onapsis, told ZDNet that with a single request, an attacker could be able to steal every victim session and credentials in plain text and modify the behavior of the applications. 

"Abusing these vulnerabilities could be simple for an attacker as it requires no previous authentication, no necessary preconditions, and the payload can be sent through HTTP(S)," Perez-Etchegoyen said. 

SAP has released two security notes about the issues, and the Cybersecurity and Infrastructure Security Agency (CISA) issued its own notice urging customers to implement the patch. 

"These vulnerabilities can be exploited over the internet and without the need for attackers to be authenticated in the target systems, which makes them very critical," said Mariano Nunez, CEO and Co-founder of Onapsis. 

Recommends

The best security key

While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read now

He went on to explain that Onapsis Research Labs had been investigating HTTP Smuggling issues over the last year before discovering the SAP issues. 

Threat actors, according to Onapsis, can send malicious payloads leveraging these HTTP Smuggling techniques and successfully exploit SAP Java or ABAP systems with an HTTP request that is indistinguishable from a valid message. These vulnerabilities can be exploited in affected systems over the internet and pre-authentication, meaning they are not mitigated by multi-factor authentication controls, Onapsis added. 

"SAP has partnered with Onapsis to maintain secure solutions for our global customer base," said Richard Puckett, Chief Information Security Officer for SAP. "It is through collaboration with key partners like Onapsis that SAP can provide the most secure environment possible for our customers. We strongly encourage all SAP customers to protect their businesses by applying the relevant SAP security patches as soon as possible." 

SAP said it is not aware of any data breaches that resulted from threat actors exploiting the vulnerability but urged customers to apply the security notes. 

Onapsis releaseda free tool that SAP customers can use to scan their systems for affected applications. 

Aaron Turner, vice president at Vectra, said that what we learned in March of 2021 with the Hafnium attack targeting on-premises Exchange servers is being replayed in the SAP ecosystem. 

"SAP servers are extremely rich targets, with significant access to material business processes and generally have multiple privileged credentials stored and used on those servers. With the Onapsis research, they have uncovered an exploit path that allows attackers to gain access to those privileged credentials to move laterally within the on-premises network and also pivot into the cloud, as most SAP customers have federated their legacy SAP workloads with cloud-based ones," Turner said. 

"Just as Hafnium allowed attackers to pivot from on-prem Exchange to M365, this SAP attack path could allow the same. The SAP security updates will be critical ones to install, not just to protect those on-premises SAP servers but also any systems, on-prem or cloud, that may share credentials or trust relationships with those servers."

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Hot Tags : Tech Security

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.