Alert (TA16-132A)
Exploitation of SAP Business Applications
Systems Affected
Outdated or misconfigured SAP systems
Overview
At least 36 organizations worldwide are affected by an SAP vulnerability [1]. Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP business applications.
The observed indicators relate to the abuse of the Invoker Servlet, a built-in feature of SAP NetWeaver Application Server Java systems (SAP Java platforms). The Invoker Servlet contains a vulnerability that SAP patched in 2010. However, the vulnerability continues to affect outdated and misconfigured SAP systems.
Description
SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks.
The Invoker Servlet vulnerability affects business applications running on SAP Java platforms.
SAP Java platforms are the base technology stack for many SAP business applications and technical components, including:
SAP Enterprise Resource Planning (ERP),
SAP Product Lifecycle Management (PLM),
SAP Customer Relationship Management (CRM),
SAP Supply Chain Management (SCM),
SAP Supplier Relationship Management (SRM),
SAP NetWeaver Business Warehouse (BW),
SAP Business Intelligence (BI),
SAP NetWeaver Mobile Infrastructure (MI),
SAP Enterprise Portal (EP),
SAP Process Integration (PI),
SAP Exchange Infrastructure (XI),
SAP Solution Manager (SolMan),
SAP NetWeaver Development Infrastructure (NWDI),
SAP Central Process Scheduling (CPS),
SAP NetWeaver Composition Environment (CE),
SAP NetWeaver Enterprise Search,
SAP NetWeaver Identity Management (IdM), and
SAP Governance, Risk & Control 5.x (GRC).
For more info: https://www.us-cert.gov/ncas/alerts/TA16-132A