ERPScan Warns SAP Afaria MDM Users Against Malicious Vulnerabilities
PALO ALTO, CA: Business application security and solutions provider ERPScan has revealed details of the vulnerability in the SAP Afaria MDM solution. ERPScan could not present these details at the BlackHat APAC security conference because of responsible disclosure rules. Now that SAP has released the patch, ERPScan sheds light on the vulnerabilities. Afaria has retained the pole position in the market for mobile device management software. IDC Corp. reports that Afaria has captured about 20 percent of the market share over a period of 10 straight years, with 1000 corporate customers in 2012. Very recent information estimates around 6300 customers using this solution, which explains the scope of vulnerable exposure through SAP Afaria.
Of the several flaws, the most prominent is a buffer overflow vulnerability. This buffer overflow vulnerability in SAP's Afaria platform can be exploited remotely without any authentication and can be used to conduct a denial-of-service attack against a company's MDM solution. According to some speculation, if a company's MDM system is breached, its employees will not be able to carry out even their daily responsibilities such as procurement, warehouse management, shipping and so on.
Many senior executives are accustomed to using mobile devices to review all their reports, so their smartphones are also liable to be affected. The vulnerabilities can be used to execute malicious code on the server and, as a result, obtain access to all devices and modify their configurations.
Hence, ERPScan advises all SAP customers to be attentive to such vulnerabilities and to apply the appropriate patches as well as the other patches provided in the security update released by SAP.