ERPScan Warns SAP Afaria MDM Users Against Malicious Vulnerabilities
PALO ALTO, CA: Business application security and solutions provider ERPScan has revealed details of the vulnerability in the SAP Afaria MDM solution. ERPScan could not present these details at the BlackHat APAC security conference due to responsible disclosure rules. Following the release of the SAP patch, ERPScan sheds light on the vulnerabilities. Afaria has retained the pole position in the market for mobile device management software. IDC Corp. reports that Afaria has captured about 20 percent of the market share over a period of 10 straight years, with 1000 corporate customers in 2012. A very recent estimate puts the number of customers using this solution at around 6300, which explains the scope of vulnerable exposure through SAP Afaria.
Of the several flaws, the most prominent is a buffer overflow vulnerability. This buffer overflow in SAP's Afaria platform can be exploited remotely without any authentication and can be used to conduct a denial-of-service attack against a company's MDM solution. According to some speculation, if a company's MDM system is breached, its employees will not be able to carry out even daily responsibilities such as procurement, warehouse management, shipping and so on.
Many senior executives are accustomed to using mobile devices to review all their reports, so their smartphones are also liable to be affected. The vulnerabilities can be used to execute malicious code on the server and, as a result, obtain access to all devices and modify their configurations.
Hence, ERPScan urges all SAP customers to be attentive to such vulnerabilities and to apply the appropriate patches, as well as the other patches provided in the security update released by SAP.