SAP customers who don’t apply the company’s security patches are at risk of hackers gaining full control of unsecured SAP applications and stealing sensitive information, according to alerts issued by the software company and the federal governments of the US and Germany.
The alert issued by Germany-based SAP and Boston-based cybersecurity company Onapsis on Tuesday urges SAP software users to apply security patches, review security configurations of their SAP applications, investigate at-risk environments and perform a compromise assessment.
SAP issued the alert about what it called “active threats” because “many” organizations have still not applied relevant mitigation despite the fact that SAP patches for the vulnerabilities have been available for months, and on some occasions years.