• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1375125

Главная Специалистам База уязвимостей Не установлено обновление Note 1375125

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1375125-6) SAP Support Packages (SAPKU40018, SAPKU50016, SAPKU52009, SAPKU60007, SAPKU70005)
Описание
The program was developed as part of the Billing Engine Framework to  utilize developers converting function modules or programs into  templates. Those templates cannot be executed in any system, but are the  basis for the Framework to generate the corresponding objects of the  Billing Engine Application. This could be again either a function module or a program.

The potential security issue exists, that the program is executed in the  productive system and modifies the template of an existing object of the  Billing application. Therefore a function module or program must be part  of the production which can be used as source for the template information.

If a user has the permission to regenerate the billing application
(which requires authorization object BEF_META), the programs of the
productive Billing application can be changed as well.
Как исправить
The program BEFG_TEMPLATE_CREATE is enhanced that it cannot be
executed in a production system. In addition the corresponding permission of authorization object BEF_META is checked.

Apply correction instruction.
Ссылки