New SAP & Onapsis Threat Intelligence: Active Cyberattacks on Business-Critical SAP Applications

Proving business-critical application security not only takes next-level solutions, it also takes thought leadership. Here you'll find a growing library of materials to help you build your business-critical application security strategy and drive your company forward, confidently.

Volume XV 
SAP® Security In-Depth:

Preventing Cyberattacks Against SAP Solution Manager

Highlighted in a recent IDC survey of 430 IT decision makers, 64% of organizations have experienced a breach of their ERP systems, either SAP or Oracle E-Business Suite. Why?

  • Attackers are specifically targeting the crown jewels of the organization, supported by their ERP systems
  • More ERP systems are exposed to the internet than ever before 
  • Traditional perimeter-focused security approaches are not effective at protecting business-critical applications
  • Software vulnerabilities, if left unpatched, create risk and opportunities for attackers 

With this is mind, the Onapsis Research Labs works very closely with both SAP and Oracle to help identify and fix vulnerabilities. When we find a vulnerability, it is our mission to help keep organizations protected. We provide a solution, The Onapsis Platform, and best practices and advice.

Dating back to 2019, SAP has issued three HotNews Security Notes for Solution Manager (SolMan). The most recent in March 2020 addresses a critical vulnerability. An exploit of this vulnerability can be unauthenticated, needing no user credentials, leading to access of any SAP system to potentially cause fraud, theft and disruption. 

As a result, the Onapsis Research Labs, who found this SolMan vulnerability, has issued an updated SAP Security In-Depth (SSID) report providing best practices for preventing cyberattacks against SAP SolMan. We highly encourage you to apply this latest SAP patch and also follow our guide for keeping SolMan and your SAP landscape secure.

For more information, check out our blog post analysis of the March 2020 SAP Patch Day 

Secure your 
business-critical SAP,
Oracle, Salesforce
and SaaS apps

Get a firsthand look at the visibility, reporting and automation capabilities provided by The Onapsis Platform by scheduling a personalized demo with our application security experts.

Request a demo