Sensitive Financial Data in Unpatched Oracle, SAP ERP at High Security Risk

M-A-U/iStock

CFOs beware: sensitive financial data in unpatched ERP systems by Oracle and SAP might be easily targeted by hackers, according to a study by security firms Digital Shadows and Onapsis.

The US’s Department of Homeland Security issued an alert citing that study as well, according to a recent report by Reuters.

The report by the security firms says that systems at two government agencies of the US and at firms in the media, energy and finance sectors were hit as they failed to install patches or took other security measures advised by Oracle or SAP.

While many of the security issues of the ERP systems by the two technology vendors date back a decade or more, cyber criminals, hacker activists, and government spy agencies are increasingly interested in them, Onapis was quoted as saying in a Reuters report.

An alert by the US’s National Cybersecurity and Communications Integration Center says an attacker can exploit such vulnerabilities to access sensitive information without being detected.

Onapsis and Digital Shadows said in their report that about 17,000 SAP and Oracle software installations exposed to the Internet at more than 3,000 large firms, government agencies and universities.

At least 10,000 servers run incorrectly configured software that could expose them to direct attacks using known SAP or Oracle exploits, the report adds.

While the number of known bugs that pose security threats is huge among SAP and Oracle applications especially older ones, organizations might find them costly to fix, the report says, adding that there more than 4,000 such bugs in SAP software and 5,000 in Oracle software.

Read more on

Suggested Articles

Some of you might have already been aware of the news that Questex—with the aim to focus on event business—will shut down permanently all media brands in Asia…

Some advice for transitioning into an advisory role

Global risks are intensifying but the collective will to tackle them appears to be lacking. Check out this report for areas of concern