By Freya Purnell
Application security experts Onapsis has released five new security advisories outlining vulnerabilities in SAP BusinessObjects and SAP HANA – two of which are ‘medium risk’ and three of which are considered ‘high risk’.
According to Onapsis, depending on an organisation’s use of the platforms, ‘high risk’ vulnerabilities could be used by cyber attackers to gain access to mission-critical information including customer data, product pricing, financial statements, employee information, supply chains, business intelligence, budgeting, planning and forecasting.
The three ‘high risk’ advisories relate to SAP BusinessObjects through the default CORBA connector, one of which allows unauthenticated users to overwrite business data, while the ‘medium’ risks relate to SAP HANA Web-based Development Workbench and SAP BusinessObjects via CORBA.
“Taking steps to patch these vulnerabilities, or to implement control measures is critical to protecting your SAP systems. Recent headlines alone have shown us the consequences of not having proper security measures in place, especially when you’re dealing with systems that are housing data and processing transactions vital to the ongoing success of your business,” said Ezequiel Gutesman, director of research, Onapsis.
The advisories are released by the Onapsis Research Labs.
