• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1474431

Главная Специалистам База уязвимостей Не установлено обновление Note 1474431

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1474431-3) SAP Support Packages (SAPK-70408INBICONT, SAPK-70502INBICONT)
Описание
There is a program error.

The security hole allows reading from database tables that have the following structure (both requirements must be met):
1. The table must have a field with the name LOCATION_INT or  LOCATION_EXT. By "or" we mean inclusive. The data type of this field/these fields must be character-type.
2. The table must have one of the following fields: Field name CALWEEK  (type - character-type), field name CALMONTH (type - character-type),  field name CALYEAR (type - character-type), field name DATEFROM (type - date).
In this case, the following fields (if present in the table) can be read  along with the fields mentioned above. If the field has a data type that  differs from the type specified in brackets, then a runtime error occurs.
DATETO (date)
PRODUCT_INT (character-type)
PRODUCT_EXT (character-type)
PROMO_INT (character-type)
PROMO_CREANO (character-type)
PROMO_MEDIATYPE (character-type)
PROMO_OFFERTYPE (character-type)
PROMO_CUSTTYPE (character-type)
SALES_QTY (packed number, type P)
SALES_RTL (packed number, type P)
SALES_TAX (packed number, type P)
SALES_CST (packed number, type P)
SALES_QTY_UNIT (character-type)
SALES_RTL_CUKY (character-type)
SALES_TAX_CUKY (character-type)
SALES_CST_CUKY (character-type)
Как исправить
Implement the attached correction instructions.
Ссылки