TechTarget

NISCC reveals SAP R/3 security flaw

A security vulnerability in SAP R/3 enterprise software could allow unauthorised access to files, the National Infrastructure Security Coordination Centre has warned.


The security flaw was found in SAP’s Internet Graphics Server (IGS) application, a subcomponent of the SAP R/3 system, by security firm Corsaire. NISCC rated its severity as “high”.

The SAP R/3 enterprise environment is accessible over HTTP and includes a minimal web server function. The security flaw is related to the way the IGS product validates document paths.

Hackers could access documents outside the web root, with the privileges of the user who started the IGS service, by entering an HTTP document path that incorporates a directory traversal (../..) sequence, NISCC warned.

Corsaire recommended upgrading to the latest version of the SAP IGS software, version 6.40 Patch 11, but warned that it was not yet sure whether the patch fully resolved the validation problem.

The IGS product could also be deactivated, the security analysis firm said.
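The document-path validation problem described above can be illustrated with an added example, which is not code from SAP, Corsaire or NISCC: a resolver that joins the request path to the web root without checking the result, beside one that canonicalises the path and rejects anything outside the root. The function names, directory layout and request paths are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

def naive_resolve(web_root, url_path):
    """Flawed pattern: join the request path to the root, no containment check."""
    return os.path.normpath(os.path.join(web_root, url_path.lstrip("/")))

def safe_resolve(web_root, url_path):
    """Return the canonical file path, or None if it falls outside web_root."""
    root = os.path.realpath(web_root)
    decoded = unquote(url_path)  # decode %2e%2e before validating, not after
    if "\x00" in decoded:
        return None
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/\\")))
    try:
        # Compare canonical paths component-wise; a plain string prefix test
        # would wrongly accept a sibling such as "webroot-old".
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different drives
        inside = False
    return candidate if inside else None

def demo():
    """Build a constructed layout: <base>/webroot/img and <base>/secret.cfg."""
    base = tempfile.mkdtemp()
    web_root = os.path.join(base, "webroot")
    os.makedirs(os.path.join(web_root, "img"))
    secret = os.path.join(base, "secret.cfg")
    open(secret, "w").close()
    # Constructed request paths: one legitimate, three traversal variants.
    requests = ["/img/chart.gif", "/../secret.cfg",
                "/img/../../secret.cfg", "/%2e%2e/secret.cfg"]
    results = {r: (naive_resolve(web_root, r), safe_resolve(web_root, r))
               for r in requests}
    return web_root, secret, results

if __name__ == "__main__":
    web_root, secret, results = demo()
    for req, (naive, safe) in results.items():
        print(f"{req!r:28} naive={naive}  safe={safe}")
```

The check runs on the decoded, canonical path, so percent-encoded traversal sequences and symbolic links are resolved before the comparison with the web root.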
