[ISN] Nvidia takes customer site offline after SAP bug found

http://news.techworld.com/security/3496323/nvidia-takes-customer-site-offline-after-sap-bug-found/

By Jeremy Kirk
Techworld.com
09 January 2014

Graphics chipmaker Nvidia took a customer service website offline Wednesday following a public report of a vulnerability in its SAP-powered backend.

The affected website, https://nvcare.nvidia.com, uses SAP’s NetWeaver, which is a framework that underpins many SAP business applications. The NetWeaver vulnerability is close to three years old and has been patched by SAP, but it appears Nvidia didn’t apply the fix.

The finder of the vulnerability is simply listed as a person going by the nickname “Finger,” based in China. According to the bug report, Finger notified Nvidia on Nov. 21.

The status of the bug is listed as “unable to contact the vendor or actively neglected by the vendor” and notes that it was publicly released on Jan. 5.

Nvidia said in a statement it learned of the issue on Wednesday and shut the site down until it is fixed.

[…]