A security expert at the Black Hat conference has revealed that 50 percent of SAP software installations are affected by vulnerabilities that allow hackers to gain access to a corporate system.
The products provided by enterprise software maker SAP are used by more than 100,000 businesses the world over.
Alexander Polyakov, chief technology officer of software security firm ERPScan, revealed the vulnerability at the Black Hat conference, the biggest hacking conference there is. Polyakov said that the company was aware of the issue and has promised to release a patch within a week.
He warned that the vulnerabilities can ‘be used for espionage, sabotage and fraudful [sic] actions against hacked company’.
The security researcher pointed out that the vulnerabilities, which allow hackers to circumvent authorisation checks, are in the J2EE engine of SAP NetWeaver software, PC Pro reports.
“It is possible to create a user and assign him to the administrator's group using two unauthorised requests to the system. It's also dangerous because that attack is possible on systems protected by the two-factor authentication systems, in which you need to know a secret key and password to get access,” he said.