|[January 10, 2013]
Application Security, Inc.'s TeamSHATTER Discovers Nine Database Vulnerabilities In Sybase Adaptive Server Enterprise (ASE) Patch
NEW YORK --(Business Wire)--
Security, Inc. (AppSecInc), the leading provider of database
security solutions for the enterprise, today announced that
TeamSHATTER's Esteban Martinez Fayo and Martin Rakhmanov, both Technical
Leads, have been credited by Sybase (News - Alert) for discovering and reporting nine
database-related vulnerabilities. The nine patches were issued for the
Adaptive Server Enterprise (ASE) and announced in an urgent customer
notice on January 8.
The ASE vulnerabilities range from issues that allow any local
authenticated user to acquire the sa password to issues circumventing
built-in Java security, allowing the execution of arbitrary code. CVSS
scores range from 1.6 to 8.3. The urgent notice includes patches for
Sybase ASE 15, 15.5 and 15.7.
"Sybase has worked diligently to fix security flaws in the ASE line, and
customers should immediately deploy these patches to ensure systems are
not left open to attack," said Alex Rothacker, Director of Security
Research, AppSecInc's TeamSHATTER. "It's crucial for organizations to
patch databases in a timely manner. Most of the data breaches that we
see could have been easily prevented by simple measures, like making
sure new patches are deployed."
vulnerability knowledgebase is the largest and most up-to-date
offering of its kind. By identifying and remediating critical database
vulnerabilities, TeamSHATTER helps to ensure that AppSecInc customer
data is safe from internal and external threats.
AppSecInc supports Sybase patch cycles by updating its market-leading
for security and risk professionals and DbProtect
for the enterprise with the appropriate scanning checks and monitoring
filters through its monthly ASAP Update™ (Application Security (News - Alert) Automatic
Protection) process. DbProtect updates will include monitoring filters
for the new security vulnerabilities, enabling customers to protect
sensitive information during the deployment of new patches across their
TeamSHATTER, the research arm of
Application Security, Inc., is the largest dedicated database security,
vulnerability and misconfiguration research team in the world.
TeamSHATTER maintains the most comprehensive knowledgebase of database
vulnerability and misconfiguration checks in the industry and
understands how to make security an integral part of an enterprise's
database security and network management infrastructure. TeamSHATTER
regularly publishes security advisories, technical papers and research
information on www.TeamSHATTER.com.
About Application Security, Inc.
AppSecInc is a pioneer and
leading provider of database security solutions for enterprise of all
sizes. By providing easy to deploy and manage, highly scalable
software-only solutions - AppDetectivePro for security and risk
professionals, and DbProtect for the enterprise - AppSecInc helps
customers achieve unprecedented levels of data security, while reducing
overall risk and helping to ensure continuous regulatory and industry
compliance. Used by more than 1,300 active commercial and government
customers worldwide, our proven and award-winning enterprise solutions
are backed by the world's most comprehensive database security
knowledgebase from the company's renowned team of threat researchers,�TeamSHATTER.
For more information, please visit:�www.appsecinc.com�and
follow us on Twitter (News - Alert):�www.twitter.com/appsecinc�|
DbProtect and AppDetectivePro are trademarks of Application Security,
Inc. All other product names, service marks, and trademarks mentioned
herein are trademarks of their respective owners.
[ InfoTech Spotlight's Homepage ]