Unpacking the Impact of Vulnerabilities Affecting SAP P4 August 2023
Over the past few months, SAP has released a number of Security Notes (patches) addressing a family of vulnerabilities discovered and reported by the Onapsis Research Labs. This family of vulnerabilities has CVSS scores ranging in criticality from 5.3 to 10. Most of these vulnerabilities are related to the SAP P4 protocol itself. And while chained vulnerabilities historically are not easily exploitable, they tend to be a favorite tactic for more sophisticated threat actors.
Pablo Artuso of Onapsis Research Labs is credited with discovering this large family of related, chainable vulnerabilities as “P4CHAINS.” In this presentation, Artuso will walk through a recap of his and Yvan Genuer’s Black Hat USA presentation, including:
- What is P4CHAINS?
- The potential impact of P4CHAINS
- The vulnerability chain(s)
- Elevated impact from chaining