Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
The SpiderLabs team at Trustwave published a new advisory today which details issues discovered in the SAP ASE (Adaptive Server Enterprise) by Martin Rakhmanov, a SpiderLabs Senior Researcher. SAP ASE is a relational database management system for UNIX, Linux, and Microsoft Windows platforms.
SAP ASE ships with a login named "probe" used for the two-phase commit probe process, which uses a challenge and response mechanism to access Adaptive Server. There is a flaw in implementation of the challenge and response mechanism that allows anyone to access the server as "probe" login. While the "probe" is not a privileged account, other flaws exist that allow privilege elevation from regular database user to database administrator. Combined with such privilege elevation vulnerabilities this one allows complete takeover of the database server. Depending on the version of SAP ASE administrators will want to apply one of these following vendor supplied patches:
ASE 15.7 SP132
ASE 16.0 SP01
For more information on this advisory please follow the link below.
"Probe" login access vulnerability in SAP ASE
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.