Article

SAP, MySQL patch critical database flaw

SearchSAP.com Staff
Developers have corrected a flaw in the SAP MaxDB database that could be targeted by hackers to execute arbitrary code.

Researcher Oliver Karow of Symantec is credited with finding the database vulnerability. The flaw was fixed in the latest version of MaxDB 7.6.00.31.

"It is possible to execute arbitrary code with the privileges of the 'wahttp' process by sending a malformed HTTP request. Authentication is not required for successful exploitation to occur," according to a security advisory issued by Symantec.

As a temporary workaround, MaxDB customers can disable the SAP-DB WWW Service or restrict access to it, according to Symantec. SAP customers can download the latest version at www.service.sap.com.

In 2004, SAP entered into an agreement with open source database maker MySQL to cross-license SAP DB. The open source database was then rebranded MaxDB. It is optimized to run in conjunction with the mySAP Business Suite and the MySQL database management system.

    Requires Free Membership to View


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: