At the end of 2011, SAP products were found to contain a number of vulnerabilities (one, two, and three, in Russian) that could have been used to conduct a DoS attack. The vulnerabilities were detected by Vladimir Zarichny, a specialist at Positive Research.
The details of the vulnerabilities were provided to the vendor, and in May 2012 SAP released a patch that fixes these and some other security flaws. The specialist’s work has been acknowledged by the SAP Product Security Response team: Vladimir’s name has been placed on SAP’s wall of fame (Acknowledgements Page).
This is far from the only example of successful cooperation between Positive Research experts and SAP specialists resulting in the elimination of severe security flaws. At present, the vendor's developers are working on a patch that fixes another vulnerability detected by Positive Research experts (Ilya Smith, Maksim Tsoy, Kirill Mosolov, and Evgeny Ryzhov).