http://news.techworld.com/security/3496323/nvidia-takes-customer-site-offline-after-sap-bug-found/
By Jeremy Kirk
Techworld.com
09 January 2014
Graphics chipmaker Nvidia took a customer service website offline
Wednesday following a public report of a vulnerability in its SAP-powered
backend.
The affected website, https://nvcare.nvidia.com, uses SAP's NetWeaver,
which is a framework that underpins many SAP business applications. The
NetWeaver vulnerability is close to three years old and has been patched
by SAP, but it appears Nvidia didn't apply the fix.
The finder of the vulnerability is simply listed as a person going by the
nickname "Finger," based in China. According to the bug report, Finger
notified Nvidia on Nov. 21. The status of the bug is listed as "unable to
contact the vendor or actively neglected by the vendor" and notes that it
was publicly released on Jan. 5.
Nvidia said in a statement it learned of the issue on Wednesday and shut
the site down until it is fixed.
[...]