Published Exploits for Accessing SAP Systems Put Security Teams on Alert

In April 2019, researchers Dmitry Chastuhin and Mathieu Geli presented a talk at the OPCDE Cyber Security Conference about two pieces of exploit code that allow anyone to interact with SAP and perform unauthorized transactions. For example, attackers could use the code to shut down an entire SAP system, execute commands at the operating system level or extract valuable data.


It is important to note up front that this is not a systems integrator problem. These are known exploits that had never been made public and, as such, were not available to attackers. SAP released a configuration fix six years ago. If you implemented the fix at that point, it is highly unlikely you are vulnerable to these exploits; however, it is still a best practice to re-assess your SAP configuration to verify that this is the case. If you did not implement the fix, it is imperative to apply it now, because the exploits are public and available to the world.


Apply Fixes Where Possible


 

