News Stay informed about the latest enterprise technology news and product updates.

Critical SAP flaw leaves systems vulnerable to attack

A flaw in SAP's graphical user interface could be exploited by an attacker to gain user privileges and access data and files.

A serious ActiveX flaw in SAP's graphical user interface (GUI) could be exploited by an attacker to gain access...

to critical files and sensitive data.

SAPgui is used in the company's enterprise resource planning applications. Based in Waldorf, Germany, the software vendor says it has more than 75,000 customers.

The vulnerability can be exploited remotely by an unauthenticated hacker, according to an advisory issued by the United States Computer Emergency Readiness Team (US-CERT). The flaw is in the ActiveX control, MDrmSap, which could crash Internet Explorer when handling malicious code, US-CERT said.

Danish vulnerability clearinghouse Secunia gave the flaw a highly critical rating. To exploit the flaw, an attacker must trick a user into viewing a malicious website or email message, Secunia said.

SAP issued an update correcting the flaw. As a workaround, the vulnerable ActiveX control can be disabled in Internet Explorer by setting the appropriate kill bit, or by disabling ActiveX in the Internet Zone, US-CERT said in its advisory.

Dig Deeper on Productivity apps and messaging security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.