Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1471069-6)
SAP Support Packages
(EP_RUNTIME_710_SP011_000000, EP_RUNTIME_710_SP999999_999999, EP_RUNTIME_711_SP006_000000, EP_RUNTIME_711_SP999999_999999, EP_RUNTIME_720_SP004_000000, EP_RUNTIME_720_SP999999_999999, PORTAL_700_SP018_000009, PORTAL_700_SP019_000007, PORTAL_700_SP020_000007, PORTAL_700_SP021_000004, PORTAL_700_SP022_000002, PORTAL_700_SP023_000000, PORTAL_700_SP999999_999999, PORTAL_701_SP003_000009, PORTAL_701_SP004_000008, PORTAL_701_SP005_000008, PORTAL_701_SP006_000012, PORTAL_701_SP007_000002, PORTAL_701_SP008_000000, PORTAL_701_SP999999_999999, PORTAL_702_SP003_000005, PORTAL_702_SP004_000005, PORTAL_702_SP005_000000, PORTAL_702_SP999999_999999)
Описание
Prerequisites:
ABAP Security Sessions is enabled in the back-end and:
- SAP NetWeaver 7.00 SP22 and down is installed.
- SAP NetWeaver 7.01 SP7 and down is installed.
- SAP NetWeaver 7.02 SP4 and down is installed.
- SAP NetWeaver 7.10 SP10 and down is installed.
- SAP NetWeaver 7.11 SP5 and down is installed.
- SAP NetWeaver 7.20 SP3 and down is installed.
- SAP NetWeaver 7.30 SP0 is installed.
ABAP Security Sessions is enabled in the back-end and:
- SAP NetWeaver 7.00 SP22 and down is installed.
- SAP NetWeaver 7.01 SP7 and down is installed.
- SAP NetWeaver 7.02 SP4 and down is installed.
- SAP NetWeaver 7.10 SP10 and down is installed.
- SAP NetWeaver 7.11 SP5 and down is installed.
- SAP NetWeaver 7.20 SP3 and down is installed.
- SAP NetWeaver 7.30 SP0 is installed.
Как исправить
In order to enable the enhancement, do the following steps:
1. Navigate in the portal to the system object and open it for edit.
2. Navigate to 'connector' section.
3. Change the property 'ABAP HTTP Security Sessions Enabled' value to 'Yes'.
If patch installation was applied, than the new property ('ABAP HTTP Security Sessions Enabled') will not appear in the property editor of the system object. In order to update the system with this property follow the manual steps described in the attached document 'update_system.doc' (zipped in 'Update_System.zip').
Note: If from some reason in the back-end the ABAP HTTP Security Sessions feature is disabled this property must be reconfigured to 'No', otherwise session to the back-end will not be terminated.
1. Navigate in the portal to the system object and open it for edit.
2. Navigate to 'connector' section.
3. Change the property 'ABAP HTTP Security Sessions Enabled' value to 'Yes'.
If patch installation was applied, than the new property ('ABAP HTTP Security Sessions Enabled') will not appear in the property editor of the system object. In order to update the system with this property follow the manual steps described in the attached document 'update_system.doc' (zipped in 'Update_System.zip').
Note: If from some reason in the back-end the ABAP HTTP Security Sessions feature is disabled this property must be reconfigured to 'No', otherwise session to the back-end will not be terminated.
Ссылки