A flaw in a component of SAP's business software could expose sensitive information on corporate networks, security researchers warned Monday. The bug, which allows unintended access to data on the server running the software, lies in the Internet Graphics Server in SAP's R/3, according to Corsaire, the British security company that discovered the flaw. Security monitoring company Secunia rates the issue "moderately critical." The U.K. National Infrastructure Security Co-ordination Centre said in an advisory that the issue poses a "high" risk.
SAP's R/3 is used by organizations to carry out accounting, human resources and other corporate tasks. The IGS component has Web server functionality that does not validate information passed to it, according to Corsaire. As a result, it is possible to access data on the system that runs IGS beyond that meant to be available, Corsaire said. SAP has fixed the issue in version 6.40 patch 11 or later, according to Secunia.
Join the conversation
Comment replyThe posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
When the sun goes down, that's when the iPad gets busy for folks with news readers. The iPhone? It's more of a daytime habit. If you're building an app for both devices, heed the lesson.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
Join the conversation