Flaw found in thousands of SAP servers

Vulnerabilities to be demonstrated at Black Hat

Thousands of SAP servers on the internet could be affected by vulnerabilities that bypass authentication checks, a researcher will demonstrate at Black Hat 2011.

Alexander Polyako, chief technology officer at ERPScan, found flaws in the J2EE engine of SAP NetWeaver software that could allow an attacker to assign themselves administrative privileges.

"For example, it is possible to create a user and assign to the administrators group using two unauthorised requests to the system," Polyako said.

"It is also dangerous because that attack is possible on systems protected by two-factor authentication."

The company demonstrated the vulnerabilities with a tool that searches for SAP servers with undisclosed keywords. It found that "more than half of [detected] servers could be hacked" using the vulnerability.

The vulnerabilities could affect many more SAP servers built with custom configuration, according to Polyako.

New York to require social media platforms to display mental health warnings

Trump's AI hiring campaign draws interest from 25,000 hopefuls

Waymo to update software after power outage snarls robotaxis

Telstra used ConnectID impermissibly for months

NSW Housing Development Authority largely cleared on shadow AI use

Flaw found in thousands of SAP servers

Vulnerabilities to be demonstrated at Black Hat

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

Telstra used ConnectID impermissibly for months

University of Sydney "online IT code library" breached

US bars approvals of new models of DJI, all other foreign drones

UK government was hacked in October, minister confirms

Most popular tech stories

Audit Office of NSW and Data61 explore AI for gov auditing

State of HR Tech

Zara turns to AI to generate fashion imagery

State of HR Tech 2025

Cochlear pilots voice-to-text Salesforce integration for lead management

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

'Touch-free' smartphone controlled with head movements

Home-grown Higgns to bring IoT to the world

Photos: The 2024 IoT Awards winners

Govt launches consumer tech label program for smart devices

New York to require social media platforms to display mental health warnings

Trump's AI hiring campaign draws interest from 25,000 hopefuls

Waymo to update software after power outage snarls robotaxis

Telstra used ConnectID impermissibly for months

NSW Housing Development Authority largely cleared on shadow AI use

Flaw found in thousands of SAP servers

Vulnerabilities to be demonstrated at Black Hat

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

Telstra used ConnectID impermissibly for months

University of Sydney "online IT code library" breached

US bars approvals of new models of DJI, all other foreign drones

UK government was hacked in October, minister confirms

Most popular tech stories

Audit Office of NSW and Data61 explore AI for gov auditing

State of HR Tech

Zara turns to AI to generate fashion imagery

State of HR Tech 2025

Cochlear pilots voice-to-text Salesforce integration for lead management

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

Blackberry celebrates "giant step forward"

'Touch-free' smartphone controlled with head movements

Home-grown Higgns to bring IoT to the world

Photos: The 2024 IoT Awards winners

Govt launches consumer tech label program for smart devices

Log In