Research published at the beginning of this year draws conclusions about problems that have recently worsened at almost every software vendor without exception: the pandemic, above all, has exposed more and more gaps in the protection of products of every kind.


Several major factors that companies can influence account for this: a shortage of qualified specialists, not only in information security but also among the users of corporate server platforms, that is, the system administrators themselves. In addition, it is clear that software vendors still neglect important aspects of development and fail to test their products thoroughly for security and for resilience under load.

Notable news in this area came from the testing of SAP's e-commerce platform, SAP Commerce (of particular interest to businesses optimizing their supply chains): one of the vulnerabilities detected in it, CVE-2021-21477, received a severity rating of 9.9 out of a possible 10 points on the CVSS scale.


At the same time, Gartner ranked SAP first in its 2020 report comparing existing solutions in this product category, which underlines the platform's other strengths.


The vulnerable functionality lets users configure policies by creating and editing rule scenarios that drive various business decisions. This is, of course, meant to be possible only for a user with sufficient, administrator-level privileges.


In practice, however, the product lets low-privileged users change certain attributes of the rules in Drools (the platform's rule engine) on their own, which ultimately grants them additional rights that were never intended and never authorized by the administrators.


This affects all versions of the product prior to 2011. Although a patch is available, the problem, according to Onapsis, is not completely solved by it: the product must also be adjusted manually to avoid incidents.
