SAP Hana users warned of security vulnerability
Hard on the heels of the release of a newly updated version of SAP Hana, a security researcher has warned of a potentially serious vulnerability in the in-memory platform.
"If an attacker can exploit this vulnerability, he can get access to all encrypted data stored in an SAP Hana database," said Alexander Polyakov, CTO with ERPScan, which presented the details Thursday at the Black Hat Sessions XIII conference in the Netherlands.
Polyakov's firm specializes in testing enterprise resource planning (ERP) software from companies such as Oracle and SAP for security purposes. Last year, it had already found SAP Hana installations to be vulnerable to SQL injection attacks, he said. More recently, "our goal was to understand if we can get access to more data and to other servers in the company," Polyakov explained.