• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1456569

Главная Специалистам База уязвимостей Не установлено обновление Note 1456569

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1456569-3) SAP Support Packages (SAPKB64028, SAPKB70023, SAPKB70108, SAPKB70205, SAPKB71012, SAPKB71106, SAPKB72004)
Описание
Affected release: SAP_BASIS 640, 700, 710, 720.

The problem is caused by an SQL injection vulnerability. The code  composes an SQL statement that contains strings that can be altered by a  malicious user. The manipulated SQL statement can then be used to modify information in the database.
Как исправить
Import the Support Package corresponding to your release or implement the correction instructions. Please note that the correction is already contained in Support Package 5 of release 7.02.

We strongly recommend that you implement this note to eliminate this security flaws. We do not assume any responsibility if you omit to implement this note and any damage occurs as a result.

The corrections do not have an influence on the normal function of the application.

After implementing the note, you can no longer use this gap. Instead, each attempt will be logged in the system log with the message: 'IM 0 Attack from:' and additional information.
The import of the Support Package will delete the unsecure coding.
Ссылки