Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1473327-1)
Описание
Buffer overflow vulnerability exists in SAP Crystal Server 2008. This enables a malicious user to inject code into the working memory that is subsequently executed by the application. It can also be used to cause a general fault in the product, thereby producing a termination of the product.
Как исправить
Workaround: SSL over Corba should be setup for the server tier. Moreover, it is recommended to place the CMS service behind a firewall and to disable Corba traffic from external network.
Patch:
XIR2 customers should install FixPack 6.3
XIR3 customers should install Fixpack 2.8 or 3.1
Patch:
XIR2 customers should install FixPack 6.3
XIR3 customers should install Fixpack 2.8 or 3.1
Ссылки