Dangerous bugs leave open doors to SAP HANA systems

From ComputerWorld: Serious software flaws have recently been reported for SAP's HANA, the in-memory database platform that underpins many of the German company's products used by large companies.

While some of the problems require SAP-issued patches, which are available, others require configuration changes, according to Onapsis, a Boston-based security software vendor that focuses on the SAP platform and reported the problems.

Eight of the flaws are ranked critical, the highest severity rating, since attackers could use them to delete data, steal customer information and financial statements or change product pricing data.

"We found a lot of stuff under the carpet," said Mariano Nunez, CEO of Onapsis.

Several of the 21 vulnerabilities found by Onapsis were remotely exploitable, meaning an attacker could gain access to HANA over the Internet. "The kind of vulnerabilities we discovered would enable any attacker without any user ID or password to remotely have full control of any SAP HANA-based system," Nunez said.
