Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1485561-4)
SAP Support Packages
(SAPKU70009, SAPKU70102)
Описание
The problem is caused by an SQL injection vulnerability. The code composes an SQL statement including strings that can be altered by a malicious user. The manipulated SQL statement can then be used to retrieve additional information from the database or to potentially modify it.
Как исправить
Assign this report to an authorization group (MD_ADMIN)
Please implement the attached correction instructions.
This fix is valid for CRM 7.01.
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component BBPCRM BBP / CRM |
| Release 700 Until SAPKU70008 |
------------------------------------------------------------------------
1. In SAP GUI, launch transaction SM30
2. Input 'TPGP' in field 'Table/View'
3. Select 'No Restrictions' in radio button group 'Restrict Data Range'
4. Click on button 'Maintain'
5. Add one row with the following columns:
Appl = 'R'
P_group = 'MD_ADMIN'
Text for auth group = 'IPM Master Data database admin'
6. Click on button 'Save' to save the change
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component BBPCRM BBP / CRM |
| Release 701 Until SAPKU70101 |
------------------------------------------------------------------------
1. In SAP GUI, launch transaction SM30
2. Input 'TPGP' in field 'Table/View'
3. Select 'No Restrictions' in radio button group 'Restrict Data Range'
4. Click on button 'Maintain'
5. Add one row with the following columns:
Appl = 'R'
P_group = 'MD_ADMIN'
Text for auth group = 'IPM Master Data database admin'
6. Click on button 'Save' to save the change
Please implement the attached correction instructions.
This fix is valid for CRM 7.01.
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component BBPCRM BBP / CRM |
| Release 700 Until SAPKU70008 |
------------------------------------------------------------------------
1. In SAP GUI, launch transaction SM30
2. Input 'TPGP' in field 'Table/View'
3. Select 'No Restrictions' in radio button group 'Restrict Data Range'
4. Click on button 'Maintain'
5. Add one row with the following columns:
Appl = 'R'
P_group = 'MD_ADMIN'
Text for auth group = 'IPM Master Data database admin'
6. Click on button 'Save' to save the change
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component BBPCRM BBP / CRM |
| Release 701 Until SAPKU70101 |
------------------------------------------------------------------------
1. In SAP GUI, launch transaction SM30
2. Input 'TPGP' in field 'Table/View'
3. Select 'No Restrictions' in radio button group 'Restrict Data Range'
4. Click on button 'Maintain'
5. Add one row with the following columns:
Appl = 'R'
P_group = 'MD_ADMIN'
Text for auth group = 'IPM Master Data database admin'
6. Click on button 'Save' to save the change
Ссылки