Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1466609-2)
SAP Support Packages
(SAPKB71106, SAPKB72004)
Описание
The code of package SEEF_COPY cannot be accessed by the user interface of the enhancement framework. But the code can be invoked by other ABAP code and exploit either the backdoor capability or enable the execution of malicious code (code injection) and harm the system by information disclosure, leveraging of privilegs or misfunction of the application.
To minimize any security risk the critical code has been removed.
To minimize any security risk the critical code has been removed.
Как исправить
Apply the support package mentioned in this note.
An individual correction instruction is not available due to the complexity of the code artifacts to be removed.
An individual correction instruction is not available due to the complexity of the code artifacts to be removed.
Ссылки