Newly provisioned SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found. Attackers use unsecured configuration settings to attempt to brute-force the passwords of high-privilege user accounts (SAP, SAPCPIC, TMSADM, CTB_ADMIN) that are usually installed on an SAP environment during deployment and configuration. The vulnerabilities (some dating back to 2011 and some discovered only last year) have all been patched by SAP.
Source: https://www.helpnetsecurity.com/2021/04/07/sap-applications-compromised/