
SAP patches login flaw in ASE database

Discussion in 'Network World' started by RSS, Apr 24, 2015.

  1. RSS

    RSS New Member Member

    SAP patched a flaw on Thursday that could allow an attacker to take complete control over a database, according to security vendor Trustwave.

    The flaw (CVE-2014-6284) affects SAP’s Adaptive Server Enterprise (ASE), a relational database for Unix, Linux and Windows systems, designed for high volumes of data-rich transactions. Vulnerable versions are 12.5, 15, 15.5, 15.7 and 16.

    Trustwave’s Martin Rakhmanov, a senior security researcher, found an error in the challenge and response mechanism used to access ASE. The account access gained is not a privileged account, but Trustwave said other flaws allow the privileges to be escalated to that of a database administrator.
