
SAP hurries out a security patch for its TREX search engine


April 13, 2017

We just learned that SAP has urgently made available a security patch for its TREX search engine, after security researchers discovered a few flaws in a 2015 patch that was previously issued.

So yes: it's a security patch for another existing patch. TREX is a search engine used in many SAP applications, including its HANA database and its venerable NetWeaver application.

And it's also used in its integration platform, so it's critical that system admins everywhere get this done right.

According to ERPScan, SAP thought it had patched the code injection vulnerability in December 2015, when in fact the patch had not been done correctly.

In fact, ERPScan’s Mathieu Geli looked into the TREX Net communication protocol and found it ran without authentication, so that's a blunder.

He’s also quoted in the ERPScan advisory notice as saying “I reversed a protocol for HANA and then for the TREX search engine. As they share a common protocol, the security exploit has been easily adapted. SAP did repair some features, but not everything affecting the core protocol. It was still possible to get full control on the server even with a patched TREX.”

He also asserted that the vulnerability, tracked as CVE-2017-7691, lets an attacker send a crafted request to TREX Net ports to read or create operating system files, in addition to the above.

The security flaw was one of 15 patched this week on April 11, in SAP’s monthly security patch release.

Source: SAP.
