Security experts at ERPScan explained that by chaining two recently patched flaws it is possible to hack SAP CRM systems and access sensitive data.
Security experts at ERPScan discovered that, by chaining the exploits for two security vulnerabilities in SAP NetWeaver Application Server Java that were patched last month, an attacker can hack customer relationship management (CRM) systems.
CRMs are business-critical systems used to manage sensitive data such as clients’ personal information, prices, and contact points.
The flaws are a directory traversal issue and a log injection vulnerability. Combined, they could lead to information disclosure, privilege escalation, and full compromise of SAP CRM installations.
Considered individually, the flaws are not particularly severe; they received CVSS v3 Base Scores of 6.3 and 7.7, respectively.
....