Patch issued but Ruskies keep details under wraps
By Darren Pauli, 29 May 2014
Russian security researchers have reported a vulnerability in SAP NetWeaver which could allow attackers to gain access to Central User Administration tables.
Details on the vulnerability (CVE-2014-3787) in the service-oriented and integration platform were kept under wraps by security firm PT Security which conducted regular tests on SAP kit.
The Central User Administration feature streamlined management of multiple users accounts that were managed on different clients. SAP was among the most popular business applications and was used by three quarters of Forbes 500 companies.
Dmitry Gutsko said the sensitive information disclosure vulnerability affected NetWeaver versions 7.20 and earlier.
Full Article
Userlevel 7
The following is a update on Sap Deployment Attacks
By HNS Staff/ Posted on 16 June 2014
"Quote" Analysis of 3000 vulnerabilities in SAP
According to official information from SAP portal, more than 3000 vulnerabilities have been closed by SAP.
Here are 6 highlights from a research conducted by the ERPScan team during 7 years of deep analysis of SAP vulnerabilities. A significant share of the analyzed vulnerabilities was found by the ERPScan research team themselves.
Help Net Security/ full read here/ http://www.net-security.org/secworld.php?id=17008
By HNS Staff/ Posted on 16 June 2014
"Quote" Analysis of 3000 vulnerabilities in SAP
According to official information from SAP portal, more than 3000 vulnerabilities have been closed by SAP.
Here are 6 highlights from a research conducted by the ERPScan team during 7 years of deep analysis of SAP vulnerabilities. A significant share of the analyzed vulnerabilities was found by the ERPScan research team themselves.
Help Net Security/ full read here/ http://www.net-security.org/secworld.php?id=17008
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.