1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fake patient data could have been uploaded through SAP medical app

Discussion in 'CSO' started by RSS, Mar 24, 2015.

  1. RSS

    RSS New Member Member

    SAP has fixed two flaws in a mobile medical app, one of which could have allowed an attacker to upload fake patient data.

    The issues were found in SAP's Electronic Medical Records (EMR) Unwired, which stores clinical data about patients including lab results and images, said Alexander Polyakov, CTO of ERPScan, a company based in Palo Alto, California, that specializes in enterprise application security.

    Researchers with ERPScan found a local SQL injection flaw that could allow other applications on a mobile device to get access to an EMR Unwired database. That's not supposed to happen, as mobile applications are usually sandboxed to prevent other applications from accessing their data.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page