ERPScan Warns SAP Afaria MDM Users Against Malicious Vulnerabilities

By CIOReview | Thursday, September 3, 2015

PALO ALTO, CA: Business application security and solutions provider ERPScan has revealed details of the vulnerability in the SAP Afaria MDM solution. ERPScan could not present these details at the BlackHat APAC security conference because of responsible disclosure rules. Now that the SAP patch has been released, ERPScan sheds light on the vulnerabilities. Afaria has retained pole position in the mobile device management software market. IDC Corp. reports that Afaria has captured about 20 percent of the market share over a period of 10 straight years, with 1000 corporate customers in 2012. Very recent information estimates around 6300 customers using this solution, which explains the scope of vulnerable exposure through SAP Afaria.

Of the several flaws, the most prominent is the buffer overflow vulnerability. This buffer overflow vulnerability in SAP’s Afaria platform can be exploited remotely without any authentication and can be used to conduct a Denial of Service attack against a company’s MDM solution. According to some speculation, if a company’s MDM system is breached, its employees won’t be able to carry out even their daily responsibilities such as procurement, warehouse management, shipping and so on.

Many senior executives are accustomed to using mobile devices to consult all their reports, so their smartphones are also liable to be affected. The vulnerabilities can be used to execute malicious code on the server and, as a result, obtain access to all devices and modify their configurations.

Hence, ERPScan advises all SAP customers to be aware of and attentive to such vulnerabilities, and to apply the appropriate patches as well as the other patches provided in the security update released by SAP.