Focussing on SAP
NGS Software, better known for their focus on Oracle products, have released information about a brace of SAP product vulnerabilities that range from low to critical risk for users who have not updated their products.
SAP, like many other ERP / CRM / HRM / Enterprise systems, has a heavy web-based interface component, which makes these systems one of the most prominent targets for web vulnerabilities (which most of the disclosed issues are). There are plenty of examples of poorly secured corporate networks where these applications can be interacted with from the general Internet (finding the appropriate Google Dorks is an exercise for the reader), so SAP administrators should expect some increased probing of their systems, given that sample exploitation code was provided with the vulnerability disclosure reports.
SAP have provided patches for these issues in updates from January to May (product dependent), so administrators and caretakers of SAP systems should update as a matter of urgency, if they haven't already applied the patches.
6 July 2007