• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1450529

Главная Специалистам База уязвимостей Не установлено обновление Note 1450529

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1450529-2)
Описание
Affected release: SAP Solution Manager ST400
Fixed versions and patch levels: ST400 SP23

Reasons and prerequisites for the vulnerabilities:
SQL injection
           The problem is caused by a SQL injection vulnerability.  The code  composes a SQL statement including strings which can be altered by a  malicious user. The manipulated SQL statement can then be used to  retrieve additional information from database or potentially modify it.
Hard-coded user names (Backdoor)
           The program code contains a hard-coded username which changes the  system's behaviour should a user logon with hard-coded username  successfully. The user may obtain additional information which should not be displayed.
Как исправить
Install the corresponding support package or implement this SAP Note via Note Assistant (transaction SNOTE).
Ссылки