Older SAP Java platform issues threaten users

Learning to use systems that don't rely on Java can help free organizations from vulnerabilities. Reuters recently reported on the software problems that led to attention from the United States Computer Emergency Readiness Team. According to a May 11 alert from this organization, a previously patched vulnerability is still causing concerns for SAP NetWeaver Application Server Java systems. 

Six years ago, the enterprise software company patched an Invoker Servlet issue which allowed possible access from outside attackers. Despite this, the post said that at least 18 SAP functions could be affected by a Java Platform problem. Some of these include SAP Business Intelligence, SAP Enterprise Portal and SAP NetWeaver Identity Management.

The source listed several proactive steps for administrators to take in response to this issue. While the main solution involves disabling the Invoker Servlet itself, affected companies are also asked to monitor and analyze their systems for any suspicious behavior. This involves looking for other security problems that may not have patches yet.

An old vulnerability still poses a threat to SAP systems.

Reuters spoke to the CEO of security firm Onapsis, Mariano Nunez, about the issue. Nunez described the continuing threat that this issue poses for SAP system users.

"This is not a new vulnerability," he said. "Still, most SAP customers are unaware that this is going on." This is significant not only because of the large base of SAP users who could be affected, but also because of the ways that Java issues impact a variety of related platforms.

In April, Oracle also took action against Java issues by releasing a Critical Patch Update for 49 different products. This update used Common Vulnerability Scoring Standard versions 2.0 and 3.0, but the company noted that it will use only the latter going forward.

Enterprises don't need a Java-based solution for legacy applications. Instead, they can use Inventu Flynet Viewer for flexible support on a wide range of networked devices.