US sounds alarm after SAP bug found affecting multinationals
The U.S. government is warning major corporations to check the configuration of their SAP software systems after a computer security company discovered at least 36 global enterprises were still vulnerable to a significant bug patched more than five years ago.
The bug allows hackers to remotely gain full administrative access to SAP systems and affects at least 18 of the company’s software systems, according to security vendor Onapsis.
Using it, attackers can gain “complete control of the business information and processes on these systems, as well as potential access to other systems,” the U.S. Department of Homeland Security said in a bulletin. It’s only the third time this year the department has issued such a notice.