• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1361038

Главная Специалистам База уязвимостей Не установлено обновление Note 1361038

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1361038-4) SAP Support Packages (SAPK-60017INISM, SAPK-60207INISM, SAPK-60306INISM, SAPK-60404INISM, SAPKIPPL31, SAPKIPPM24, SAPKIPPN18)
Описание
The report RJ-JXINI generates and executes ABAP source code. This is unnecessary.
Due to dynamic ABAP statements, the generation of ABAP source code is not required.
These corrections are relevant, only if the system includes a user that has IS-Media-specific authorizations of this type.
The risk that incorrect entries in the field TMC4-GSTRU result in  unintentional changes in the database exists, only if a user has access  to this Customizing table (either directly in the production system or  in a separate Customizing system from which the changes are subsequently transported to the production system).
To execute the report RJ-JXINI, the user then requires an authorization  for the authorization object S_PROGRAM for the authorization group  JVISLONE and an authorization for the authorization object M_NEUA_AUS for the application J1.
Как исправить
Implement the corrections specified in the correction instruction. As a result, the report RJ-JXINI is changed so that dynamic database statements are used instead of the generated ABAP source code. This prevents unintentional actions from being performed due to incorrect entries in TMC4-GSTRU.
Ссылки