Welcome!

Java IoT Authors: Elizabeth White, Liz McMillan, Yeshim Deniz, Zakia Bouachraoui, Pat Romanski

News Feed Item

Onapsis Uncovers Two New Critical Business Application Vulnerabilities in SAP BASIS and SAP BusinessObjects

High-Profile Risk Threats Identified by Onapsis Research Labs Experts Reveals That Unauthorized Users Could Access Business-Critical Applications Leveraging SAP BusinessObjects

BOSTON, MA--(Marketwired - December 16, 2014) - Onapsis, the global experts in business-critical application security, today released two new security advisories detailing vulnerabilities in SAP BASIS and SAP BusinessObjects enterprise software.

Organizations use SAP BusinessObjects to track, analyze and report on business performance, while SAP BASIS is comprised of the administrative functionalities and processes which run SAP systems including the database, supporting architecture, and the user interface.

Included in the security advisories is a 'critical risk' alert cautioning SAP BusinessObjects users against a vulnerability that could be used by unauthenticated attackers to access and modify information stored on the SAP BusinessObjects server. This 'critical risk' vulnerability could potentially expose and compromise an organization's ability to perform business intelligence queries such as performance management, product planning, and reporting structure. Furthermore, business intelligence reports could be manipulated by malicious attackers, altering decision-making information used by senior executives.

Another vulnerability is a 'high risk' alert impacting authorization checks for SAP BASIS. If exploited, this vulnerability could allow an authenticated attacker access to background processing which automates routine tasks and helps to optimize the organization's computing resources. If this process is tampered with, the attacker would be able to compromise the SAP system's ability to properly run business-critical reports and programs.

Ezequiel Gutesman, Director of Research, Onapsis Research Labs, said, "Advanced threats targeting SAP systems that run business-critical applications are increasing at an alarming rate. These security advisories are the latest example of how key systems are vulnerable to attack and have to be a main focus of an organization's security strategy. Additionally, it is now an executive imperative to understand the risks associated with SAP security posture and potential business impact."

The advisories are released by the Onapsis Research Labs, a team of security experts who combine in-depth knowledge and experience to deliver technical analysis with business-context, and provide sound security judgment to the market. The team has released over 110 advisories to date, consulted on impact with over 160 Onapsis enterprise customers and presents at leading security and SAP conferences around the world.

Each advisory details the business-context relevance of an identified vulnerability, including impact on business, a description of the affected components, and steps to resolution such as patch download links and recommended security fixes.

The Onapsis Security Advisories are publicly available at: http://www.onapsis.com/research/advisories.

Ezequiel Gutesman, Director of Research, and Juan Perez-Etchegoyen, CTO of Onapsis, will be hosting an exclusive analysis of 2014 SAP security vulnerabilities on December 18th, 2014 at 1:00 P.M. EST. To register, please click here.

About Onapsis
Onapsis gives organizations the adaptive advantage to succeed in securing business-critical applications by combining technology, research and analytics. Onapsis enables every security and compliance team an adaptive approach to focus on the factors that matter most to their business-critical applications that house vital data and run business processes including SAP Business Suite, SAP HANA and SAP Mobile deployments. 

Onapsis provides technology solutions including Onapsis X1, the de-facto SAP security auditing tool, and Onapsis Security Platform which delivers enterprise vulnerability, compliance, detection and response capabilities with analytics.

The Onapsis Research Labs provide subject matter expertise that combines in-depth knowledge and experience to deliver technical and business-context with sound security judgment. This enables organizations to efficiently uncover security and compliance gaps and prioritize the resolution within applications running on SAP platforms.

Onapsis delivers tangible business results including decreased business risk, highlighted compliance gaps, lower operational security costs and demonstrable value on investment.

Twitter: @onapsis
LinkedIn: linkedin.com/company/onapsis

Media contacts:
Jackie Fraser
Hazel Butters
Prompt PR on behalf of Onapsis
Tel: +1 857 277 5140
617 842 0107
[email protected]

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

IoT & Smart Cities Stories
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. The IoT Global Network is a platform where you can connect with industry experts and network across the IoT community to build the successful IoT business of the future.
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear these words all day every day... lofty goals but how do we make it real? Add to that, that simply put, people don't like change. But what if we could implement and utilize these enterprise tools in a fast and "Non-Disruptive" way, enabling us to glean insights about our business, identify and reduce exposure, risk and liability, and secure business continuity?
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...