Old SAP vulnerability scares Homeland Security
The Department of Homeland Security has issued an alert about a 6-year-old SAP vulnerability that’s still being exploited enough that DHS deems it worthy of special note.
But the responsibility for being vulnerable lies with SAP users. “This is a responsibility that falls on SAP customers’ information security teams, service providers and external audit firms,” according to an FAQ about the vulnerability that was put out by Onapsis, an SAP-security vendor.
And the company is right. The fixes should have been applied by now.