Showing 9 results for: SAP ×

About SAP ASE DSAM SQL Injection (CVE-2016-4013)

SAP introduced a new feature in SP02 for Adaptive Server Enterprise 16.0 that provides support for Data Store Access Management (DSAM). This is perfect example of new functionality introducing new vulnerabilities. The new DSAM implementation suffers from an SQL injection...

Debugging SAP ASE .NET Provider Issues

I've recently been chasing a bug that made it impossible to call one built-in stored procedure within SAP Adaptive Server Enterprise (ASE) .NET provider. The procedure in question is sp_loginconfig which exists only on ASE running on Windows platforms. If...

About SAP security notice 2113333

SAP published security notice 2113333 "Multiple SQL injection vulnerabilities in SAP ASE" on January 12, 2015 that describes security fixes available for Adaptive Server Enterprise 15.0, 15.5, 15.7, and 16.0. The highest CVSS score is 8.5. These fixes resolve two...

SAP Sybase ASE 15.7 security updates

SAP Sybase Adaptive Server Enterprise is a relational database management product used to store financial, statistical, and virtually any other type of data. It is supported on many platforms including Solaris, Linux, and Windows. Recently SAP released security updates to...

Abusing SAP Servers

During some recent penetration tests I have noticed that large companies have many similarities in their IT infrastructures. One of the things that caught my attention was that quite a few of these companies have SAP systems on their networks....