We all know the Where’s Waldo/Where’s Wally books and graphics, where Waldo/Wally, in his red-striped shirt and red-striped hat, is hiding in plain sight to be found, right?!
A similar thing happened last month when HOTNEWS SAP Security note 2969828 (User needed to access) was released to fix a vulnerability in Wily Enterprise Manager. Wily Enterprise Manager is a third-party component that is often deployed in SAP landscapes to address specific monitoring needs for Java systems, and it is one of those components ‘hiding in plain sight’. Many customers run this piece of software, but apart from the SAP basis team, no one knows it exists.
Yet, as it turns out, this software can be used as an entry point to gain access to the rest of your business-critical SAP landscape. Even though this is a rather exotic component in your SAP landscape, fixing the issue is nothing out of the ordinary. Please read the above SAP note for instructions and make sure to patch your Wily Introscope Enterprise Manager installation sooner rather than later.
And while you are at it, please also make sure to check SAP Security note 2971638, as it deals with the (long known) existence of default accounts in your Wily Introscope Enterprise Manager installation. Nothing new there either: these accounts have existed for years, but with the above patch SAP forces users to change them when they are found.
Good to know: with the use of Protect4S, the above vulnerabilities are covered as one of the roughly 1700 SAP security-related checks.