Welcome!

Java Authors: Xenia von Wedel, Elizabeth White, Liz McMillan, Ali Hussain, David Tishgart

News Feed Item

Application Security, Inc.’s TeamSHATTER Discovers Nine Database Vulnerabilities In Sybase Adaptive Server Enterprise (ASE) Patch

Application Security, Inc. (AppSecInc), the leading provider of database security solutions for the enterprise, today announced that TeamSHATTER’s Esteban Martinez Fayo and Martin Rakhmanov, both Technical Leads, have been credited by Sybase for discovering and reporting nine database-related vulnerabilities. The nine patches were issued for the Adaptive Server Enterprise (ASE) and announced in an urgent customer notice on January 8.

The ASE vulnerabilities range from issues that allow any local authenticated user to acquire the sa password to issues circumventing built-in Java security, allowing the execution of arbitrary code. CVSS scores range from 1.6 to 8.3. The urgent notice includes patches for Sybase ASE 15, 15.5 and 15.7.

“Sybase has worked diligently to fix security flaws in the ASE line, and customers should immediately deploy these patches to ensure systems are not left open to attack,” said Alex Rothacker, Director of Security Research, AppSecInc’s TeamSHATTER. “It’s crucial for organizations to patch databases in a timely manner. Most of the data breaches that we see could have been easily prevented by simple measures, like making sure new patches are deployed.”

The TeamSHATTER vulnerability knowledgebase is the largest and most up-to-date offering of its kind. By identifying and remediating critical database vulnerabilities, TeamSHATTER helps to ensure that AppSecInc customer data is safe from internal and external threats.

AppSecInc supports Sybase patch cycles by updating its market-leading solutions, AppDetectivePro for security and risk professionals and DbProtect for the enterprise with the appropriate scanning checks and monitoring filters through its monthly ASAP Update™ (Application Security Automatic Protection) process. DbProtect updates will include monitoring filters for the new security vulnerabilities, enabling customers to protect sensitive information during the deployment of new patches across their database infrastructure.

About TeamSHATTER
TeamSHATTER, the research arm of Application Security, Inc., is the largest dedicated database security, vulnerability and misconfiguration research team in the world. TeamSHATTER maintains the most comprehensive knowledgebase of database vulnerability and misconfiguration checks in the industry and understands how to make security an integral part of an enterprise’s database security and network management infrastructure. TeamSHATTER regularly publishes security advisories, technical papers and research information on www.TeamSHATTER.com.

About Application Security, Inc.
AppSecInc is a pioneer and leading provider of database security solutions for enterprise of all sizes. By providing easy to deploy and manage, highly scalable software-only solutions – AppDetectivePro for security and risk professionals, and DbProtect for the enterprise – AppSecInc helps customers achieve unprecedented levels of data security, while reducing overall risk and helping to ensure continuous regulatory and industry compliance. Used by more than 1,300 active commercial and government customers worldwide, our proven and award-winning enterprise solutions are backed by the world’s most comprehensive database security knowledgebase from the company’s renowned team of threat researchers, TeamSHATTER.

For more information, please visit: www.appsecinc.com and follow us on Twitter: www.twitter.com/appsecinc | http://www.twitter.com/teamshatter

DbProtect and AppDetectivePro are trademarks of Application Security, Inc. All other product names, service marks, and trademarks mentioned herein are trademarks of their respective owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.