SAP

Pierluigi Paganini March 11, 2016
SAP Download Manager flaw exposed user password

An attacker who manages to get access to a user’s configuration file for SAP Download Manager might be able to obtain the stored proxy password. Are you a SAP user? Do you use the SAP Download Manager that allows downloading of software packages and support notes? You urgently need to update it in order to fix […]

Pierluigi Paganini February 10, 2016
SAP fixed a flaw in xMII that could open the door to nation-state hackers

SAP fixed a vulnerability affecting SAP MII can be used as a starting point of multi-stage attacks aiming to get control over plant devices and manufacturing systems. SAP fixed a critical vulnerability in its application that could be exploited by hackers, especially nation-state actors, to compromise industrial manufacturing software. SAP issued a critical software update that […]

Pierluigi Paganini June 20, 2015
Serious security issue affects SAP HANA systems

Security experts at ERPScan discovered a serious security issue in SAP’s in-memory relational database management system, HANA. The SAP in-memory relational database management system, HANA, is affected by a serious security issue, the static encryption key is stored in the database. The fact that the encryption key is static means that every SAP HANA installation […]

Pierluigi Paganini May 15, 2015
Remotely Exploitable flaws affect SAP solutions

SAP products make use of a proprietary implementation of LZC and LZH compression algorithms that could be exploited by attackers in several ways. For the second time in a week, we are speaking about security vulnerabilities affecting SAP systems, recently I wrote about a study published by the Onapsis firm that revealed over 95% of SAP […]