Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1462417-2)
SAP Support Packages
(SAPKY50018, SAPKY51014, SAPKY70007, SAPKY70102)
Описание
In an RFC module, authorization checks that regulate access to functions are missing. A user that is logged on can simply call these functions without these checks and this may result in an unwanted change to the system behavior.
Как исправить
You can implement corrections manually or using the Note Assistant before you import the Support Package specified in this note.
The relevant authorization object is not yet available for Release SCM 500. Therefore, the source code has been adjusted in such a way that critical database changes are not executed within the RFC module.
For all subsequent releases, the system checks the authorization object /FRE/AREA that must be assigned to a user to execute transaction /FRE/FRP_ADMIN.
The relevant authorization object is not yet available for Release SCM 500. Therefore, the source code has been adjusted in such a way that critical database changes are not executed within the RFC module.
For all subsequent releases, the system checks the authorization object /FRE/AREA that must be assigned to a user to execute transaction /FRE/FRP_ADMIN.
Ссылки