Extremely dangerous SAP HANA vulnerability patched

by Derek Kortepeter
Sept. 1, 2017 1 comment TechGenix vulnerabilities

As reported by Kaspersky Lab’s blog Threatpost, an incredibly dangerous vulnerability affecting SAP HANA has been patched. SAP HANA is described by SAP as “an in-memory data platform that is deployable as an on-premise appliance, or in the cloud” for real-time analytics. The patch was announced for HANA on March 14 and is advised to be implemented as quickly as possible. The seriousness of the vulnerability earned an astronomical CVSS threat rating of 9.8. The vulnerability in question was discovered by researchers at Onapsis. In their threat report, the specific threat was detailed as affecting the “User Self Service (USS)” component of SAP HANA. The seriousness of the vulnerability, categorized as ATP-SAP-2017-03-14, earned an astronomical CVSS threat rating of 9.8. The reason for such a high score was the fact that ATP-SAP-2017-03-14 allows for remote access of sensitive data without a username or password.


negrii_irina88 4 months, 3 weeks ago

this in-memory database, has been increasingly targeted by hackers over the last year; the management system is primarily used to store, retrieve, and process core business data