U.S. Security Alert Warns About 6-Year-Old SAP Vulnerability

Europe’s biggest software company, SAP, is the subject of a U.S. security alert over a vulnerability the firm disabled six years ago that can still give outside attackers remote control over older SAP systems if the software is not properly patched. SAP fixed the issue, but left the decision over whether to switch off an easy access setting up to its customers, who may sometimes place a higher priority on keeping their business-critical SAP systems running than on applying security updates.