Unpatched SAP applications are target-rich ground for hackers Report from SAP and cyber threat research company Onapsis warns that hackers are attacking mission-critical SAP business applications that contain unpatched vulnerabilities Share this item with your network: By Published: 07 Apr 2021 9:00 Hackers are targeting unpatched vulnerabilities in SAP applications, according to a report issued by SAP and cyber threat research company Onapsis. The report detailed more than 300 successful exploitations of critical vulnerabilities previously patched by SAP through 1,500 attack attempts between June 2020 and March 2021. It also highlighted that the time window for defenders to act was significantly smaller than previously thought, “with examples of SAP vulnerabilities being weaponised in less than 72 hours” after the release of patches and “new unprotected SAP applications provisioned in cloud (IaaS) environments being discovered and compromised in less than three hours”.