Up to 90 percent of 1 million SAP systems used by 50,000 companies could be vulnerable, security company says. Boston-based company Onapsis says the estimate is based on data it has collected over the last decade. The exploits, dubbed 10KBLAZE, could be used to view and modify employees’ personal data, bank transfer and routing processes. In the worst-case scenario, attackers could use the methods to shut down SAP systems, report says. SAP has long been aware of the risk of insecure configurations and taken steps to prevent problems.”]
Source: https://www.govinfosecurity.com/saps-netweaver-new-exploits-for-misconfigurations-a-12445