Homeland Security warns of hackers exploiting SAP security flaw

Homeland Security is warning that hackers are exploiting a security vulnerability in SAP business software — a flaw that dates back to 2010.

The department’s Computer Emergency Readiness Team (CERT) sent an alert on Wednesday warning that at least 36 unnamed organizations are running misconfigured or outdated software, which could leave them prone to remote attacks by hackers.

One of the affected enterprises is said to be one of the top-ten highest annually grossing global companies, and more than a dozen generate over $10 billion in annual revenue.

According to the alert, a hacker who successfully exploits the vulnerability can gain full access to, and complete control of, an affected SAP platform, including the business information and processes on those systems.

The flaw, found in the Invoker Servlet, was fixed in 2010 but persists in outdated software used by many modern businesses.

The flaw affects a number of the company’s most popular business applications, including SAP Enterprise Resource Planning (ERP) and SAP Customer Relationship Management (CRM).

It’s the third alert by the government agency so far this year.

Onapsis, the security firm credited with finding the flaw, said it had alerted customers that were affected and worked closely with Homeland Security to ensure that affected companies were able to mitigate the associated risks.

A spokesperson for SAP did not immediately respond to a request for comment.