Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

Defending & Exploiting SAP Systems

50%
50%

Juan Pablo Perez-Etchegoyen, CTO of Onapsis, joins the Dark Reading News Desk at Black Hat to discuss the technological and organizational challenges of SAP security, and how to begin fixing them.

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
bcodezinfo1
50%
50%
bcodezinfo1,
User Rank: Apprentice
1/5/2017 | 12:40:50 AM
Re: interesting video
nice video.

 

this really helps my job and can save my work - IFSC - MICR
saiopen
50%
50%
saiopen,
User Rank: Apprentice
2/13/2016 | 8:15:29 AM
Re: interesting video
nice post
billiy57
100%
0%
billiy57,
User Rank: Apprentice
10/8/2015 | 5:24:52 PM
interesting video
interesting video ! nice information for my job, Thanks
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11586
PUBLISHED: 2020-04-06
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.
CVE-2020-11587
PUBLISHED: 2020-04-06
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.
CVE-2020-11589
PUBLISHED: 2020-04-06
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only.
CVE-2020-11590
PUBLISHED: 2020-04-06
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.
CVE-2020-11591
PUBLISHED: 2020-04-06
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.