Brittney Griner Freed RSV Facts 17 Superb Gift Ideas 19 Gizmo and Gadget Gifts Diablo 4 'Harry & Meghan' Series Lensa AI Selfies The Game Awards: How to Watch
Want CNET to notify you of price drops and the latest stories?
No, thank you

SAP flaw may expose information

A flaw in a component of SAP's business software could allow unintended access to information on the server running the software.

A flaw in a component of SAP's business software could expose sensitive information on corporate networks, security researchers warned Monday. The bug, which allows unintended access to data on the server running the software, lies in the Internet Graphics Server in SAP's R/3, according to Corsaire, the British security company that discovered the flaw. Security monitoring company Secunia rates the issue "moderately critical." The U.K. National Infrastructure Security Co-ordination Centre said in an advisory that the issue poses a "high" risk.

SAP's R/3 is used by organizations to carry out accounting, human resources and other corporate tasks. The IGS component has Web server functionality that does not validate information passed to it, according to Corsaire. As a result, it is possible to access data on the system that runs IGS beyond that meant to be available, Corsaire said. SAP has fixed the issue in version 6.40 patch 11 or later, according to Secunia.