• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1420281

Главная Специалистам База уязвимостей Не установлено обновление Note 1420281

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1420281-3) SAP Support Packages (SAPKH46C60, SAPKH47034, SAPKH50023, SAPKH60017, SAPKH60018, SAPKH60207, SAPKH60306, SAPKH60406)
Описание
The sole purpose of this function was to enable the well-trained SAP  Support experts to provide a fast solution for customers in a highly critical situation.
The special function &SAP_EDIT was protected in the system by the highest developer authorization that could be assigned.
Due to the circulation of this function in the Internet, security  breaches have been detected in the customer authorization concepts.
Users could execute this function because they had the required authorization, which should not have been the case.
Как исправить
Implement this note. This deactivates the SAP Support function &SAP_EDIT completely.
Note that the same source code corrections for this note are delivered in Release 600 with Support Package 17 and Support Package 18.
Ссылки