Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1478756-1)
SAP Support Packages
(SAPKH31IB9, SAPKH40B89, SAPKH45B67, SAPKH46B62, SAPKH46C61, SAPKH47035, SAPKH50024, SAPKH60018, SAPKH60208, SAPKH60307, SAPKH60407, SAPKH60502)
Описание
The program code allows source code that can be determined freely to be added and executed, which enables an attacker to control the system response. For this, valid logon information and the authorization to execute ABAP reports in CO reporting are required.
Depending on the source code added, the attacker can obtain unauthorized access to data and change or delete it; the attacker can also change system output or create new users, and bring about a denial of service.
Depending on the source code added, the attacker can obtain unauthorized access to data and change or delete it; the attacker can also change system output or create new users, and bring about a denial of service.
Как исправить
As of Release 6.06, the problem no longer occurs. Implement the attached corrections in advance.
Ссылки