banner

SAP patches login flaw in ASE database

Written by Cio
2000px-SAP-Logo.svg
  • Cio
  • 2 years ago

2000px-SAP-Logo.svg

SAP patched a flaw on Thursday that could allow an attacker to take complete control over a database, according to security vendor Trustwave.

The flaw (CVE-2014-6284) affects SAP’s Adaptive Server Enterprise (ASE), a relational database for Unix, Linux and Windows systems, designed for high volumes of data-rich transactions. Vulnerable versions are 12.5, 15, 15.5, 15.7 and 16.

TrustWave’s Martin Rakhmanov, a senior security researcher, found an error in the challenge and response mechanism used to access ASE. The account access gained is not a privileged account, but TrustWave said other flaws allow the privileges to be escalated to that of a database administrator.

Read More

0 0
Article Tags:
· · · ·
Article Categories:
Security · Software

Leave a Comment

Your email address will not be published. Required fields are marked *