A reportedly serious security bug affecting the J2EE (Java 2 Platform Enterprise Edition) engine in SAP's NetWeaver middleware will be patched soon, SAP said Friday.
NetWeaver underpins SAP's range of enterprise software, including its flagship Business Suite ERP (enterprise resource planning) product. The bug was discussed by security researcher and ERPScan CTO Alexander Polyakov during a presentation at the Black Hat security conference in Las Vegas on Thursday.
The vulnerability makes it possible to crack SAP systems over the Internet by circumventing authorization checks, Polyakov wrote in a blog post before the conference. "For example, it is possible to create a user and assign him to the administrators group using two unauthorized requests to the system."
The attack is also possible on systems that are protected by two-factor authentication systems that use both a secret key and password, he added. ERPScan is making available, at no charge, a tool that can detect the problem.
"SAP is working closely with Alexander Polyakov on this issue," SAP spokesman Andy Kendzie said in a statement Friday. "SAP will deliver a patch to its customers shortly."
The patch will come as part of a regular security update, and not an out-of-cycle emergency fix, he added.
The news comes shortly after Oracle's release of Java SE 7. The language update shipped with bugs that Oracle engineers knew about prior to the release, a move met with serious consternation from some critics. Oracle plans to fix the bug in an update.