Written by: Kathie McDonald-McClure
On Monday, July 13, 2020, the Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued a SAP cybersecurity alert, No. AA20-195A, regarding a critical vulnerability that an unauthenticated attacker could exploit through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications. CISA strongly recommends that organizations immediately apply patches, prioritizing internet-facing systems and then internal systems. At least 15 SAP Java-based solutions are affected, including the SAP Supply Chain Management, the SAP Enterprise Portal, Central Process Scheduling and other widely used SAP applications. See the Alert for the list of 15 affected SAP applications.