Press Release

SAPocalypse – concept of a new SAP worm will be presented at HITB Malaysia

Palo Alto, CA – October 4, 2011 Two months have passed since the report on critical vulnerability in SAP’s J2EE engine was published. Though it is a serious vulnerability, some people didn’t estimate it, pointing to the fact that only systems on the JAVA basis which sometimes don’t store critical data, as ERP or BI do and used for these systems’ connection and collaboration.

Read more

ERPScan researchers took part in Brucon conference and conducted a meeting with SAP.

Brussels, Belgium – October, 2011 ERPScan specialists took part in Brucon conference which was held in September, 19-20 in Brussels (Belgium). An updated talk, devoted to program and architect vulnerabilities in J2EE engine of SAP NetWeaver platform, was presented at the conference. There were presented two new vulnerabilities, which allow getting information unauthorized about users’ names in the system, and also conducting a company internal network scanning via servers, available in the Internet.

Read more

SAP security threads at the worldwide conferences

Palo Alto, CA – September 7, 2011 In the near future a series of worldwide conferences will take place, at which ERPScan will present reports with new details about the latest vulnerabilities discovered in SAP and also will conduct trainings on SAP security. For example, at the Hack In The Box conference at Kuala Lumpur it will be shown how it is possible, aside from the control over the J2EE server which is available remotely and on which Portal or Solution Manager is usually located, to get access to Company internal resources and to the ERP system, even if it is closed by the firewalls.

Read more