• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1403618

Главная Специалистам База уязвимостей Не установлено обновление Note 1403618

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1403618-2)
Описание
Как исправить
* What are the affected versions?
Releases prior to and including
SAP POS v1.0 (POS v9.5 and all customer branches)
SAP POS v2.0 (POS v10.0 and all customer branches)
SAP POS v2.1 (POS v10.1 and all customer branches)
SAP POS v2.2 (POS v10.2 and all customer branches)

* How can the customer find out the used version in his systems?
To determine the version of the SAP POS application you are using, run a Manager Code 999 from the POS UI.

* What are the fixed versions and patch levels?
Core Product SAP POS v2.1 and 2.2 have been corrected and are available on Service Marketplace.

* Where and how to get the fixed versions?
Should you require a fix for this security issue, please contact Active Global Support to coordinate a fix.

* What is the risk the customer is taking if he is not patching?
Should you decide not to apply the security fix and you utilize the Pending Transaction capability within the solution, it is possible that credit card data can appear in plain text within one of the pending transaction data files.

* What is the workaround?
The workaround for this issue is to turn off the "Retain Detail" under the Pending Transaction component within the Configurator solution. This configuration change should then be deployed to all stores to prevent capturing customer credit card details to the pending transaction data files.

* What are mitigation options?
SAP has completed a security update that can be obtained from Active Global Support.

* What is the influence of the correction on productive business processes?
The security update can be applied via the Unattended Upgrade capability. For information on Unattended Upgrade, please consult your user reference manuals and documentation.

* How can the customer test whether the note is applied correctly and all related productive business processes are still working?
Once the update is complete, a customer could complete a test to determine if the credit card data is still written to the file. Ensure "Retain Detail" is turned on under the Pending Tranasaction component within the Configurator. Complete a Pending Transaction and capture customer credit card details to pay the transaction amount. Verify credit card details are not written to data.tdd. This file can be found on the POS under \rdata directory.
Ссылки