SAP Watch

Aug 31 2006   11:25AM GMT

Critical database flaw discovered


Symantec has issued an advisory about a crtical flaw in the SAP MaxDB database that could be targeted by hackers to execute arbitrary code. Researcher Oliver Karow of Symantec is credited with finding the database vulnerability.

The flaw was fixed in the latest version of MaxDB "It is possible to execute arbitrary code with the privileges of the 'wahttp' process by sending a malformed HTTP request. Authentication is not required for successful exploitation to occur," according to a security advisory issued by Symantec.

As a temporary workaround, MaxDB customers can disable the SAP-DB WWW Service or restrict access to it, according to Symantec. SAP customers can download the latest version at In 2004, SAP entered into an agreement with open source database maker mySQL to cross-license SAP DB.

The open source database was then rebranded MaxDB. It is optimized to run in conjunction with the mySAP Business Suite and the mySQL database management system.

Check out the Symantec SAP MaxDB security advisory.
Visit our security topic center for more security related  news and information.
We also have more information related to MaxDB.

-Rob Westervelt

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: