Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1463392-4)
SAP Support Packages
(SAPKB70205)
Описание
The problem is caused by an SQL injection vulnerability. The code composes an SQL statement including strings that can be altered by a malicious user. The manipulated SQL statement can then be used to retrieve additional information from the database or to potentially modify it.
Как исправить
A check is been implemented now to ensure valid trace table.
Please implement the automatic corrections attached with the note.
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component SAP_BASIS SAP Basis compo...|
| Release 702 Until SAPKB70204 |
------------------------------------------------------------------------
Please create a short text with following details:
Transaction SE91
Message Class : FDT_TRACE_INFO
Num : 205
Enter message short text :
"Invalid lean trace database table name"
Save the changes.
Please implement the automatic corrections attached with the note.
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component SAP_BASIS SAP Basis compo...|
| Release 702 Until SAPKB70204 |
------------------------------------------------------------------------
Please create a short text with following details:
Transaction SE91
Message Class : FDT_TRACE_INFO
Num : 205
Enter message short text :
"Invalid lean trace database table name"
Save the changes.
Ссылки