Onapsis Research Labs shares some of the top SAP security vulnerabilities organizations should be aware of from 2022.
Research
The Risks of SAP RFC Callbacks and How to Avoid Them
This blog explains SAP RFC Callbacks and how to protect your SAP systems.
Protect SAP Systems With Unified Connectivity Framework (UCON)
This blog post will explain the main aspects of Unified Connectivity Framework (UCON) and how it can be used to decrease the attack surface for malicious RFC calls by 95%.
AppsMas: A Look Back at the 2022 ERP Security Landscape (Video)
Let’s take a look back at the 2022 ERP Security Landscape and what we can learn from it.
SAP Development System: A Critical Entry Point for Attacks
SAP development systems are an often underestimated entry point for attacks.
Onapsis Research Labs Discovers and Helps Remediate 1,000+ Cybersecurity Vulnerabilities in Business Applications
Onapsis Research Labs, our team of offensive security professionals dedicated to hunting down vulnerabilities within ERP applications, has discovered and helped remediate over 1,000 zero day ERP vulnerabilities within SAP and Oracle applications.
Threat Actors Exploit ERP Vulnerabilities for Financial Gain
Threat actors are exploiting ERP vulnerabilities for financial gain.
Password Hash Cracking, User Cloning, and User Impersonation: Three Risks Every SAP Customer Should Know
Password hash cracking, user cloning, and user impersonation are realistic attack scenarios in SAP systems. This blog post explains how SAP customers can protect their systems.
Unpatched ERP Vulnerabilities Haunt Organizations
What's spookier than ghosts and goblins? Threats to your company's ERP systems. Read how unpatched ERP vulnerabilities can still be a target for cyberattacks.
ICMAD Vulnerability Added to CISA’s Known Exploited Vulnerabilities Catalog
On August 18, 2022 the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability–CVE-2022-22536–to its Known Exploited Vulnerabilities Catalog. Though this vulnerability was discovered earlier this year, this validation from CISA shows that organizations should prioritize action immediately.