Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Nvidia takes customer site offline after SAP bug found

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 9 Jan 2014 06:18:44 +0000 (UTC)
http://news.techworld.com/security/3496323/nvidia-takes-customer-site-offline-after-sap-bug-found/

By Jeremy Kirk
Techworld.com
09 January 2014
Graphics chipmaker Nvidia took a customer service website offline Wednesday following a public report of a vulnerability in its SAP-powered backend.
The affected website, https://nvcare.nvidia.com, uses SAP's NetWeaver, which is a framework that underpins many SAP business applications. The NetWeaver vulnerability is close to three years old and has been patched by SAP, but it appears Nvidia didn't apply the fix.
The finder of the vulnerability is simply listed as a person going by the nickname "Finger," based in China. According to the bug report, Finger notified Nvidia on Nov. 21. The status of the bug is listed as "unable to contact the vendor or actively neglected by the vendor" and notes that it was publicly released on Jan. 5.
Nvidia said in a statement it learned of the issue on Wednesday and shut the site down until it is fixed. 

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
Previous By Date Next
Previous By Thread Next

Current thread: