Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1456569-3)
SAP Support Packages
(SAPKB64028, SAPKB70023, SAPKB70108, SAPKB70205, SAPKB71012, SAPKB71106, SAPKB72004)
Описание
Affected release: SAP_BASIS 640, 700, 710, 720.
The problem is caused by an SQL injection vulnerability. The code composes an SQL statement that contains strings that can be altered by a malicious user. The manipulated SQL statement can then be used to modify information in the database.
The problem is caused by an SQL injection vulnerability. The code composes an SQL statement that contains strings that can be altered by a malicious user. The manipulated SQL statement can then be used to modify information in the database.
Как исправить
Import the Support Package corresponding to your release or implement the correction instructions. Please note that the correction is already contained in Support Package 5 of release 7.02.
We strongly recommend that you implement this note to eliminate this security flaws. We do not assume any responsibility if you omit to implement this note and any damage occurs as a result.
The corrections do not have an influence on the normal function of the application.
After implementing the note, you can no longer use this gap. Instead, each attempt will be logged in the system log with the message: 'IM 0 Attack from:' and additional information.
The import of the Support Package will delete the unsecure coding.
We strongly recommend that you implement this note to eliminate this security flaws. We do not assume any responsibility if you omit to implement this note and any damage occurs as a result.
The corrections do not have an influence on the normal function of the application.
After implementing the note, you can no longer use this gap. Instead, each attempt will be logged in the system log with the message: 'IM 0 Attack from:' and additional information.
The import of the Support Package will delete the unsecure coding.
Ссылки