SAP® Security In-Depth:
Preventing Cyberattacks Against SAP Solution Manager
Highlighted in a recent IDC survey of 430 IT decision makers, 64% of organizations have experienced a breach of their ERP systems, either SAP or Oracle E-Business Suite. Why?
- Attackers are specifically targeting the crown jewels of the organization, supported by their ERP systems
- More ERP systems are exposed to the internet than ever before
- Traditional perimeter-focused security approaches are not effective at protecting business-critical applications
- Software vulnerabilities, if left unpatched, create risk and opportunities for attackers
With this is mind, the Onapsis Research Labs works very closely with both SAP and Oracle to help identify and fix vulnerabilities. When we find a vulnerability, it is our mission to help keep organizations protected. We provide a solution, The Onapsis Platform, and best practices and advice.
Dating back to 2019, SAP has issued three HotNews Security Notes for Solution Manager (SolMan). The most recent in March 2020 addresses a critical vulnerability. An exploit of this vulnerability can be unauthenticated, needing no user credentials, leading to access of any SAP system to potentially cause fraud, theft and disruption.
As a result, the Onapsis Research Labs, who found this SolMan vulnerability, has issued an updated SAP Security In-Depth (SSID) report providing best practices for preventing cyberattacks against SAP SolMan. We highly encourage you to apply this latest SAP patch and also follow our guide for keeping SolMan and your SAP landscape secure.
For more information, check out our blog post analysis of the March 2020 SAP Patch Day