AuthentificationCyberCrimeSecuritySecurity Management

SAP Rushes To Patch Cyber Security Flaws In HANA

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Follow on:

Luckily, the flaws were fixed before hackers were able to find and exploit them

SAP has rushed to patch a zero-day security flaw in its HANA database platform before hackers had a chance to run riot with it.

Security company Onapsis Research Labs originally uncovered the flaws that would have allowed hackers to compromise vulnerable database systems without the need for valid usernames and passwords.

The cyber security flaws, now patched by SAP, include two SQL injection vulnerabilities and a flaw that allowed authenticated users to access information without the required privileges.

HANA hack risk

sap-hanaGiven SAP’s HANA database management systems underpins the data troves of many an enterprise, the flaws were serious indeed, as had hackers exploited them they could have gained access to valuable deposits of data.

Luckily, SAP moved fast to patch the flaws within days after they were disclosed to the company, meaning patched HANA systems are safe and secure. However, failure to adopt the latest patch could leave enterprises not abreast of the news vulnerable to such flaw-exploiting hack attacks.

“Of the five security notes, only two are rated with a Very High and High criticality. These criticality ratings indicate that affected customer systems could be at serious risk if an attacker exploits one of these vulnerabilities,” said Holger Mack, security lead at SAP.

“All security issues are fixed in SAP HANA revisions 122.7 or higher for SAP HANA 1.0 and revision 1 for SAP HANA 2.0 SPS 00,” he added. “We expect very few SAP HANA customers to be affected by these issues.”

In this instance, the company appears to have been very lucky, but the situation could have been a lot worse had hackers had time to discover the vulnerabilities and then get busy exploiting them. At the time of writing, there have been no examples of hackers taking advantage of the zero-day vulnerabilities and tapping into the flaws to gain access to the HANA databases.

Enterprise will need to be aware of the near constant discovery of security flaws, particularly as increasing amounts of criminals are turning to technology to commit their crimes.

Quiz. Are you a security guru?