• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1471118

Главная Специалистам База уязвимостей Не установлено обновление Note 1471118

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1471118-2) SAP Support Packages (SAP_TECH_S_640_OFFLINE_SP027_000000, SAP_TECH_S_640_OFFLINE_SP999999_999999, SAP_TECH_S_700_OFFLINE_SP023_000000, SAP_TECH_S_700_OFFLINE_SP999999_999999, SAP_TECH_S_OFFLINE_701_SP008_000000, SAP_TECH_S_OFFLINE_701_SP999999_999999, SAP_TECH_S_OFFLINE_702_SP005_000000, SAP_TECH_S_OFFLINE_702_SP999999_999999, WEB_DYNPRO_RUNTIME_710_SP011_000000, WEB_DYNPRO_RUNTIME_710_SP999999_999999, WEB_DYNPRO_RUNTIME_711_SP006_000000, WEB_DYNPRO_RUNTIME_711_SP999999_999999, WEB_DYNPRO_RUNTIME_720_SP004_000000, WEB_DYNPRO_RUNTIME_720_SP999999_999999)
Описание
Information such as the Software Deployment Manager(SDM) user passwords  can be discovered through the use of a batch file named wdResMod.bat,  residing on the SAP Java Web Application Server's filesystem. The  password disclosed here is only a dummy value and not the actual SDM password.
Как исправить
The issue described above has been fixed by removing the wdResMod.bat file altogether as this file is not relevant for SAP customers.

The above fix will be available in the latest SP of WebDynpro for Java on all realeases. In section "SP Patch Level" you can find information on which patches contain the respective correction. Please install this patch or a newer one as WebDynpro patches are always cumulative.

Information on how to apply the WebDynpro for Java patches for releases NetWeaver 6.40, 7.00, 7.01 & 7.02 can be found in the SAP Note #1395627.

Information on how to apply the WebDynpro for Java patches for releases NetWeaver 7.10, 7.11 & 7.20 can be found in the SAP Note #1395865.
Ссылки