infotechlead

SAP CRM vulnerabilities identified by ERPScan’s researchers

ERPScan’s researchers, speaking at the Troopers security conference, have disclosed the details of two vulnerabilities that allow an attacker to compromise an SAP CRM system.

This application stores business-critical data such as clients’ personal information, so a compromise can result in reputational and cost losses.

The Troopers security conference is an annual event with a special track focused on SAP security.

SAP, a software company based in Germany, was not available for comment on the security threat to its CRM customers.

“It takes nothing to exploit these vulnerabilities. Perpetrators can remotely read any file in SAP CRM without authentication. We scanned the Internet and found nearly 500 SAP servers that are prone to it,” said Vahagn Vardanyan, senior security researcher of ERPScan.

ERPScan identified directory traversal and log injection vulnerabilities in the solution. In combination, the two issues lead to information disclosure, privilege escalation, and complete compromise of the SAP system. ERPScan said that the two bugs can wreak havoc in any company running SAP CRM.
