• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1227858

Главная Специалистам База уязвимостей Не установлено обновление Note 1227858

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Support Packages (SAPKH60015, SAPKH60016, SAPKH60017, SAPKH60018, SAPKH60019, SAPKH60020, SAPKH60021, SAPKH60022, SAPKH60023, SAPKH60024, SAPKH60025, SAPKH60026, SAPKH60027, SAPKH60028, SAPKH60029, SAPKH60030, SAPKH60031, SAPKH60032, SAPKH60033, SAPKH60034, SAPKH60210, SAPKH60211, SAPKH60212, SAPKH60213, SAPKH60214, SAPKH60215, SAPKH60216, SAPKH60217, SAPKH60218, SAPKH60219, SAPKH60220, SAPKH60221, SAPKH60222, SAPKH60223, SAPKH60224, SAPKH6025, SAPKH6026, SAPKH6027, SAPKH6028, SAPKH6029, SAPKH60310, SAPKH60311, SAPKH60312, SAPKH60313, SAPKH60314, SAPKH60315, SAPKH60316, SAPKH60317, SAPKH60318, SAPKH60319, SAPKH60320, SAPKH60321, SAPKH60322, SAPKH60323, SAPKH6034, SAPKH6035, SAPKH6036, SAPKH6037, SAPKH6038, SAPKH6039, SAPKH60410, SAPKH60411, SAPKH60412, SAPKH60413, SAPKH60414, SAPKH60415, SAPKH60416, SAPKH60417, SAPKH60418, SAPKH60419, SAPKH6042, SAPKH60420, SAPKH60421, SAPKH6043, SAPKH6044, SAPKH6045, SAPKH6046, SAPKH6047, SAPKH6048, SAPKH6049, CRM_JAVA_APPLICATIONS_50_999999_999999, CRM_JAVA_APPLICATIONS_50_SP012_000008, CRM_JAVA_APPLICATIONS_50_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_50_999999_999999, CRM_JAVA_WEB_COMPONENTS_50_SP012_000008, CRM_JAVA_WEB_COMPONENTS_50_SP999999_999999, SAP_SHARED_JAVA_APPLIC_50_999999_999999, SAP_SHARED_JAVA_APPLIC_50_SP012_000008, SAP_SHARED_JAVA_APPLIC_50_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_50_999999_999999, SAP_SHARED_JAVA_COMPONENTS_50_SP012_000008, SAP_SHARED_JAVA_COMPONENTS_50_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_50_999999_999999, SAP_SHARED_WEB_COMPONENTS_50_SP012_000008, SAP_SHARED_WEB_COMPONENTS_50_SP999999_999999, SAPKH60014, SAPKH60204, SAPKH60303, SAPKH60401) SAP Notes (1227858-2)
Описание
An authorization check is missing.
Как исправить
This is a correction of the ABAP source code and the Java source code.

The ABAP source code corrections are contained in standard systems as of the following releases:
Support Package 14 for Release ERP 2005
Support Package 04 for Release ERP 5.0 Enhancement Package 2
Support Package 03 for Release ERP 5.0 Enhancement Package 3
Support Package 01 for Release ERP 5.0 Enhancement Package 4
For an advance correction, implement the correction instructions in this note.

Support Package 13 for CRM E-Commerce Release 5.0 corrects the Java source code. You can apply a Java patch for an advance correction. Note 877887 contains information about importing the Java patch.

Note that due to the corrections of authorization value "S", the authorization ISA_UADM is no longer valid for the agent scenario. Instead, authorization value "A" for agent must be assigned to the user roles for the ERP BOB agent scenario. The authorization value "M" for the Web shop manager is still valid. This means that a distinction can be made between Internet users who use the Web-based user management as a super user (S) and agents (A) who use the ERP agent scenario.
Ссылки