Hear directly from SAP on how we’re proactively working together to protect the global economy.
In our first joint report, Onapsis and SAP outlined a critical cybersecurity blind spot impacting how many organizations protect their business-critical SAP applications. Our research showed that not only has the threat landscape grown in recent years, but threat actors have gotten more sophisticated using well-known exploits, and the window for defenders has gotten increasingly smaller.
There’s one thing that was clear through 2021 and it’s that cybercriminals love a holiday. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint alert that threat actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends. To prepare our customers for potential attacks over the 2021 holiday season and beyond, SAP and Onapsis outlined several key steps organizations can take to minimize the risk of an attack on their business-critical SAP applications.
Since we became aware of Log4j, Onapsis worked around the clock to understand the impact of this vulnerability on some of the most widely used SAP products. Onapsis and SAP partnered together for a customer session on protecting SAP applications from the threat of Log4j.
Onapsis and SAP partnered on the discovery and mitigation of a set of three vulnerabilities affecting the SAP Internet Communication Manager (ICM) component in SAP business-critical applications. The ICMAD vulnerabilities require immediate attention by most SAP customers. One of the vulnerabilities, CVE-2022-22536, received the highest possible risk score, a 10 out of 10. As a result, CISA has issued a Current Activity Alert. If exploited, these vulnerabilities enable attackers to execute serious malicious activities on SAP users, business information, and processes — and ultimately compromise unpatched SAP applications.
Let us show you how simple it can be to protect your business applications.
