Install latest SAP Adaptive Server Enterprise patches, experts urge
Uloženo v:
| Vydáno v: | CSO (Online) (Jun 3, 2020), p. n/a |
|---|---|
| Hlavní autor: | |
| Vydáno: |
Foundry
|
| Témata: | |
| On-line přístup: | Citation/Abstract Full Text |
| Tagy: |
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstrakt: | The SAP Adaptive Server Enterprise (ASE), previously known as Sybase SQL Server, is a high-performance relational database server with on-premise and cloud deployment options that is used by over 30,000 organizations worldwide, including over 90% of the world's top 50 banks and security firms, according to SAP marketing materials. The problem is that the password to login into this helper database is stored in a configuration file that is readable by all users of the operating system, which means an attacker with access to a local non-privileged Windows account can access the helper database and issue commands that can result in the overwriting of operating system files. Since XP Server runs as LocalSystem, exploitation of this flaw can lead to arbitrary code execution with full system privileges. |
|---|---|
| Zdroj: | ABI/INFORM Trade & Industry |