More than 36 organizations—some in the gas, telecommunications, and steel manufacturing industries—have been breached by attackers exploiting a vulnerability in older SAP business applications that gives them remote access to highly confidential data, the US government-sponsored CERT warned Wednesday.
The attacks were carried out over the past three years by attackers exploiting the “invoker servlet,” which is a set of functions in SAP applications that allows users to run Java applications without use of a password or other authentication measure.
