Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1415665-5)
SAP Support Packages
(SAPKITL433)
Описание
The problem is caused by an SQL injection vulnerability. The code composes a WHERE clause including strings which can be altered by a malicious user. The manipulated SQL statement can then be used to retrieve additional information from the database.
Как исправить
The dynamic WHERE clause is replaced by a fixed WHERE clause. Import the relevant Solution Manager Support Package or use the SAP Note Assistant to implement this SAP Note.
Ссылки