Active SAP Exploitation Activity Identified by the Onapsis Research Labs

The Onapsis Research Labs continuously monitors the evolving SAP threat landscape to rapidly identify elevated risk, trending threat behavior and activity, and vulnerabilities that are being leveraged by attackers to compromise business applications. The Onapsis Research Labs observed active exploitation attempts against three existing and previously patched SAP vulnerabilities. These vulnerabilities are remotely exploitable through the HTTP(s) protocol and have publicly available exploits and PoCs which facilitate its exploitation. As a result of this, on June 9, 2022, CISA updated its Catalog of Known Exploited Vulnerabilities to now include these three aforementioned SAP vulnerabilities. This catalog is a dynamic collection of known vulnerabilities that are currently being exploited in the wild. Mitigation and/or remediation of these vulnerabilities is mandatory for all federal civilian executive branch agencies, but this catalog also serves as an excellent repository of current exploitation activity for the private sector as well. These three new additions only further support the continuing threat intelligence published by CISA documenting this growing knowledge and exploitation activity around older vulnerabilities for unpatched, unprotected SAP systems. It’s important to ensure that your critical systems have these SAP Security Notes effectively applied. This session with SAP, CISA and Onapsis covers the latest developments in the Threat Landscape for SAP business-critical applications, including: - The assets organizations can leverage from CISA to help with securing application - Which vulnerabilities are currently being exploited by threat actors - Tactics and behaviors that threat actors may exhibit when exploiting these vulnerabilities on unpatched SAP applications - How you can leverage Onapsis technology to protect your SAP applications