http://www.crn.com/software/208400258
By Mario Morejon
ChannelWeb
May 27, 2008
After notification by our Test Center, SAP (NYSE:SAP) security experts
have "fast-tracked" an investigation into potential holes in certain
deployments of the software giant's server technology -- holes that
apparently could leave entire data stores wide open to potential abuse
by hackers.
The Waldorf, Germany-based company is examining potentially alarming
scenarios, brought to its attention by our Test Center, which found that
one data store built on SAP technology revealed an easy opportunity for
cyber criminals to gain access to a large corporate database.
Fritz Bauspiess, director of SAP NetWeaver product management security,
says the company is looking at the issue brought to its attention by the
Test Center earlier this month.
"The [SAP] team will work to see if they can replicate the issue and
verify it, then will create a recommendation to customers on how to
address (if one does not already exist)," Bauspiess said.
The Test Center first began examining the issue earlier this month and,
working with an SAP engineer for one large corporation, who talked to us
on condition of not being named, pointed out the scenarios. The Test
Center examined the specific deployment first hand, and identified the
weaknesses.
[...]
Received on Wed May 28 02:14:24 2008