Skip to Content
Author's profile photo Anand Nayak Rao Kotti

US-CERT Alert issued for SAP again !

Multiple warning shots from US Government cannot be Ignored ! Never before since the inception of SAP a US-Cert Alert has been Issued for SAP Applications. It is time for organizations to take  these threat seriously.


Malicious Cyber Activity Targeting ERP Applications

Exploitation of SAP Business Applications



Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Greg Capps
      Greg Capps

      Why in July 2018 would you refer to a May 2016 alert which was last updated nearly 2 years ago by the US government?  This is how FAKE news gets started.  Am I missing something?  Direct from the US government alert below shows 2 years since last update, not AGAIN.

      Alert (TA16-132A)

      Exploitation of SAP Business Applications

      Original release date: May 11, 2016 | Last revised: September 29, 2016
      Author's profile photo Anand Nayak Rao Kotti
      Anand Nayak Rao Kotti
      Blog Post Author

      Hello Greg,

      Thanks for taking time to read the blog, I referred to two US-alerts one was issued in July 2018 and other was issued in 2016. The point I was trying to convey is these alerts were directed toward's SAP!

      The alert from 2016 is still VERY MUCH relevant today , your ERP systems are at risk if the systems are not patched against the vulnerability reported in the alert. As you could read from the alert the Invoker Servlet vulnerability exist since 2010 and 36 organization got off guard in 2016, for 6 years nothing has been done to remediate.

      This is the info you are missing , I hope this helps explain.

      "At least 36 organizations worldwide are affected by an SAP vulnerability [1](link is external). Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP business applications.

      The observed indicators relate to the abuse of the Invoker Servlet, a built-in functionality in SAP NetWeaver Application Server Java systems (SAP Java platforms). The Invoker Servlet contains a vulnerability that was patched by SAP in 2010. However, the vulnerability continues to affect outdated and misconfigured SAP systems."