
Critical buffer overflow issue patched in Afaria


Business application security specialist ERPScan has published details of a critical buffer overflow vulnerability in the SAP Afaria MDM solution that had the potential to disable access to corporate systems for millions of mobile users.

SAP released a patch for the vulnerabilities three months ago, and ERPScan strongly recommends customers ensure they apply the appropriate patches.

The buffer overflow vulnerability in SAP’s Afaria platform, currently used by 6300 customers, can be exploited remotely without authentication and can be used to conduct a denial-of-service attack against a company’s MDM solution.

If the system is compromised, employees could be prevented from performing their daily duties such as procurement, warehouse management, shipping and so on. The vulnerability can be used to execute malicious code on the server and, as a result, to obtain access to all mobile devices – commonly used by executives to view reports – and modify their configurations.

According to ERPScan, the number of vulnerabilities in mobile platforms is growing rapidly, with almost 30 issues in SAP Mobile applications already closed in 2015, and patches for many others still in progress.
