Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1489098-2)
SAP Support Packages
(SAPKH31IB9, SAPKH40B89, SAPKH45B67, SAPKH46B62, SAPKH46C62, SAPKH47035, SAPKH50024, SAPKH60019, SAPKH60209, SAPKH60308, SAPKH60409, SAPKH60502)
Описание
The program contains instructions that enable a user to execute code of the user#s choice, which changes the system#s behavior. In this case, the user must be logged on to the system with a valid access.
Depending on the code that the user injects, the user may obtain additional information to which no actual access was granted. The user may also be able to modify data, delete data, modify the output of the system or create new users with higher privileges. The availability of the system is still endangered.
Depending on the code that the user injects, the user may obtain additional information to which no actual access was granted. The user may also be able to modify data, delete data, modify the output of the system or create new users with higher privileges. The availability of the system is still endangered.
Как исправить
By implementing the corrections, transaction GENC is no longer executed in the production environment.
Ссылки