• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1488609

Главная Специалистам База уязвимостей Не установлено обновление Note 1488609

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1488609-4) SAP Support Packages (SAPKB64027, SAPKB70023, SAPKB70108, SAPKB70205, SAPKB70206, SAPKB70207, SAPKB71011, SAPKB71012, SAPKB71106, SAPKB71107, SAPKB73001)
Описание
A remote enabled function module lacks permission checks for an  authenticated user's authorization to access configuration data remotely.
Как исправить
Option 1:
a.) Apply the corresponding Support Package to your system:

6.40 SP 27
7.00 SP 23
7.01 SP 8
7.02 SP 6
7.10 SP 11
7.11 SP 6

b.) Extend the activities of the role SAP_BC_AI_LANDSCAPE_DB_RFC using transaction pfcg: Choose tab "Authorizations" --> change to edit mode --> press button "Change Authorizations" --> extend the authorization for LCR Database by the read (No.33) and administer (No. 70) activity.
Save the changes and generate the profile.

c.) The authority check is switched off by default. To activate the authority check set the following parameter: run transaction sxmb_adm --> choose "Integration Engine Configuration" --> press button "Specific Configuration" --> switch to edit mode --> press button "New Entries" and add following setting:

Category: Runtime
Parameters: EX_PROFILE_READ_AUTH
Current Value: 1

Save the changes.



Option 2 (activities in SPs lower than SPs in option 1):

a.) Change first following objects in your system and apply the note.

Details to the objects:

1. Change Authorization Object using transaction su21: S_LCRDB --> add activities 'read' (No. 33) and 'administer' (No.70).

2. Run transaction sm30 --> maintain table SXMSCONFDF --> add entry

Category: RUNTIME
Parameter: EX_PROFILE_READ_AUTH
Value: 0 (default value - so check is deactivated)
Documentation Object: XMB_OP_RUNTIME
Subparam. Dynamic: No

3. Import the note corrections.

b.) Extend the activities of the role SAP_BC_AI_LANDSCAPE_DB_RFC using transaction pfcg: Choose tab "Authorizations" --> change to edit mode --> press button "Change Authorizations" --> extend the authorization for LCR Database by the read (No.33) and administer (No. 70) activity.
Save the changes and generate the profile.

c.) The authority check is switched off by default. To activate the authority check set the following parameter: run transaction sxmb_adm --> choose "Integration Engine Configuration" --> press button "Specific Configuration" --> switch to edit mode --> press button "New Entries" and add following setting:

Category: Runtime
Parameters: EX_PROFILE_READ_AUTH
Current Value: 1

Save the changes.




------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component SAP_BASIS SAP Basis compo...|
| Release 640 SAPKB64014 - SAPKB64026 |
| Release 700 SAPKB70018 - SAPKB70022 |
| Release 710 SAPKB71005 - SAPKB71010 |
| Release 711 SAPKB71102 - SAPKB71105 |
| Release 701 SAPKB70103 - SAPKB70107 |
| Release 702 SAPKB70202 - SAPKB70205 |
------------------------------------------------------------------------

Please check the long text. The manual activities are describe within option 2.
Ссылки