Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1375125-6)
SAP Support Packages
(SAPKU40018, SAPKU50016, SAPKU52009, SAPKU60007, SAPKU70005)
Описание
The program was developed as part of the Billing Engine Framework to utilize developers converting function modules or programs into templates. Those templates cannot be executed in any system, but are the basis for the Framework to generate the corresponding objects of the Billing Engine Application. This could be again either a function module or a program.
The potential security issue exists, that the program is executed in the productive system and modifies the template of an existing object of the Billing application. Therefore a function module or program must be part of the production which can be used as source for the template information.
If a user has the permission to regenerate the billing application
(which requires authorization object BEF_META), the programs of the
productive Billing application can be changed as well.
The potential security issue exists, that the program is executed in the productive system and modifies the template of an existing object of the Billing application. Therefore a function module or program must be part of the production which can be used as source for the template information.
If a user has the permission to regenerate the billing application
(which requires authorization object BEF_META), the programs of the
productive Billing application can be changed as well.
Как исправить
The program BEFG_TEMPLATE_CREATE is enhanced that it cannot be
executed in a production system. In addition the corresponding permission of authorization object BEF_META is checked.
Apply correction instruction.
executed in a production system. In addition the corresponding permission of authorization object BEF_META is checked.
Apply correction instruction.
Ссылки