Scores of Vulnerable SAP Deployments Uncovered

mask.of.sanity writes "Hundreds of organizations have been detected running dangerously vulnerable versions of SAP that were more than seven years old and thousands more have placed their critical data at risk by exposing SAP applications to the public Internet. The new research found the SAP services were inadvertently made accessible thanks to a common misconception that SAP systems were not publicly-facing and remotely-accessible. The SAP services contained dangerous vulnerabilities which were since patched by the vendor but had not been applied."

I can explain

[slashmydots]

As head IT manager, I can definitely explain this. The company approves a software suite that's seemingly "perfect" for 150% the anticipated budget. They really couldn't afford it in the first place so they already cut the support and upgrade path subscription. Then they never approve the absurdly high renewal/upgrade cost the next year and the next year and the next year and tada, you've got an outdated, insecure piece of crap.
When you buy a software suite, make sure you have the money to support it in the long term! It's all about the TCO!

Re:I can explain

[Flere+Imsaho]

SAP - Send Another Payment, or, Sucks All Profit

Re:I can explain

Chuckle. I used to work at a place that gave all their database stuff to a SAP outside vendor, all their letters and form documents.

One of the people who did interviewing later wanted one of his standard letters -- emailed as a PDF routinely -- to have yellow hilighting applied to an important sentence. He asked the vendor to make that change.

The vendor came back with a proposed work order for six hours of programmer time at $200/hour to make that change.

(My coworker printed that page, got a hilighter, hilighted the text, scanned it, and emailed that image thereafter.)