• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1480212

Главная Специалистам База уязвимостей Не установлено обновление Note 1480212

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1480212-7) SAP Support Packages (SAPKU40018, SAPKU50017, SAPKU52011, SAPKU60008, SAPKU70008)
Описание
The program was developed as part of the Billing Engine Framework to  utilize developers splitting of includes or programs into templates.  Those templates cannot be executed in any system, but are the basis for  the Framework to generate the corresponding objects of the Billing  Engine Application. This could be again either a function module or a program.

The potential security issue exists, that the program is executed in the  productive system and modifies the template of an existing object of the  Billing application. Therefore a function module or program must be part  of the production which can be used as source for the template information.

If a user has the permission to regenerate the billing application
(which requires authorization object BEF_META), the programs of the
productive Billing application can be changed as well.
Как исправить
The program BEFG_SOURCE_EXTRACT is enhanced that it cannot be
executed in a production system. In addition the corresponding permission of authorization object BEF_META is checked.

Apply correction instruction.
Ссылки