SAP flaw may expose information

By Joris Evers
Staff Writer, CNET News

A flaw in a component of SAP's business software could expose sensitive information on corporate networks, security researchers warned Monday. The bug, which allows unintended access to data on the server running the software, lies in the Internet Graphics Server in SAP's R/3, according to Corsaire, the British security company that discovered the flaw. Security monitoring company Secunia rates the issue "moderately critical." The U.K. National Infrastructure Security Co-ordination Centre said in an advisory that the issue poses a "high" risk.

SAP's R/3 is used by organizations to carry out accounting, human resources and other corporate tasks. The IGS component has Web server functionality that does not validate information passed to it, according to Corsaire. As a result, it is possible to access data on the system that runs IGS beyond that meant to be available, Corsaire said. SAP has fixed the issue in version 6.40 patch 11 or later, according to Secunia.

See more CNET content tagged:
SAP AG, SAP R/3, flaw, business software, server

Latest tech news headlines

Google buys Gizmo5 for Google Voice
Posted in Relevant Results by Tom Krazit

November 12, 2009 4:49 PM PST
Convicted murderer sues Wikipedia under privacy law
Posted in Technically Incorrect by Chris Matyszczyk

November 12, 2009 4:41 PM PST
Video game sales fall off a ledge in October
Posted in Geek Gestalt by Daniel Terdiman

November 12, 2009 4:31 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; SAP (-0.78%) -0.37 47.33; Dow Jones Industrials (-0.91%) -93.79 10,197.47; S&P 500 (-1.03%) -11.27 1,087.24; NASDAQ (-0.83%) -17.88 2,149.02; CNET TECH (-0.46%) -7.19 1,572.60

Inside CNET News

Scroll Left Scroll Right

Deep Tech
What Intel just bought for $1.25 billion: Less risk
Intel's giving nearly 10 percent of its cash hoard to its top rival so it doesn't risk an even bigger payment. It's also hoping to ease other antitrust cases.
Gallery
New Manhattan Apple store on the Upper West Side--photos
Signal Strength
Apple banks on retail stores
Apple's latest store in Manhattan is part of a bigger plan to win new customers through its retail strategy.
Beyond Binary
Microsoft to schools: Share a PC
The software maker is working on a new option that will let will let multiple students work off a single PC, each with their own screen, mouse, and keyboard.
Video
Exploratorium's shocking 40th anniversary kicks off
Technically Incorrect
Convicted murderer sues Wikipedia under privacy law
A German man convicted of murdering an actor sues online encyclopedia under privacy law he claims prevents his name being mentioned in connection with the murder.
Video
A new workout for the Wii
Geek Gestalt
Video game sales fall off a ledge in October
With total industry sales down 19 percent from a year earlier, things are looking bleak as the holiday season gets under way.
Health Tech
Cough into your cell phone, not your sleeve
Software being developed by Star Analytical Services may soon enable cell phone users to record their coughs and diagnose a cold, flu, or something else.
Gallery
Images: iPhone games graphics showdown
Relevant Results
Google buys Gizmo5 for Google Voice
Terms of the deal for the VoIP software company were undisclosed, but Google's second acquisition of the week will be used to help Google Voice.
Green Tech
DOE technologist handicaps impact of carbon price
Steven Koonin, the Department of Energy's undersecretary for science, projects which energy technologies win out when there's a price on carbon emissions.