Information Security News
mailing list archives
Nvidia takes customer site offline after SAP bug found
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 9 Jan 2014 06:18:44 +0000 (UTC)
By Jeremy Kirk
09 January 2014
Graphics chipmaker Nvidia took a customer service website offline
Wednesday following a public report of a vulnerability in its SAP-powered
The affected website, https://nvcare.nvidia.com, uses SAP's NetWeaver,
which is a framework that underpins many SAP business applications. The
NetWeaver vulnerability is close to three years old and has been patched
by SAP, but it appears Nvidia didn't apply the fix.
The finder of the vulnerability is simply listed as a person going by the
nickname "Finger," based in China. According to the bug report, Finger
notified Nvidia on Nov. 21. The status of the bug is listed as "unable to
contact the vendor or actively neglected by the vendor" and notes that it
was publicly released on Jan. 5.
Nvidia said in a statement it learned of the issue on Wednesday and shut
the site down until it is fixed.
Subscribe to InfoSec News
- Nvidia takes customer site offline after SAP bug found InfoSec News (Jan 09)