http://www.crn.com/software/208400258
By Mario Morejon
ChannelWeb
May 27, 2008
After notification by our Test Center, SAP (NYSE:SAP) security experts
have "fast-tracked" an investigation into potential holes in certain
deployments of the software giant's server technology -- holes that
apparently could leave entire data stores wide open to potential abuse
by hackers.
The Waldorf, Germany-based company is examining potentially alarming
scenarios, brought to its attention by our Test Center, which found that
one data store built on SAP technology revealed an easy opportunity for
cyber criminals to gain access to a large corporate database.
Fritz Bauspiess, director of SAP NetWeaver product management security,
says the company is looking at the issue brought to its attention by the
Test Center earlier this month.
"The [SAP] team will work to see if they can replicate the issue and
verify it, then will create a recommendation to customers on how to
address (if one does not already exist)," Bauspiess said.
The Test Center first began examining the issue earlier this month and,
working with an SAP engineer for one large corporation, who talked to us
on condition of not being named, pointed out the scenarios. The Test
Center examined the specific deployment first hand, and identified the
weaknesses.
[...]
_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
Comments