• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1494631

Главная Специалистам База уязвимостей Не установлено обновление Note 1494631

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1494631-4) SAP Support Packages (SAPK-41005INFSPM, SAPK-50004INFSPM, SAPK-51001INFSPM)
Описание
The problem may be caused by an SQL injection vulnerability. In the  source code, an SQL statement is made up of strings. An attacker may be  able to gain control over the contents of a substring. Using the  substring, the attacker may be able to manipulate the resulting entire  statement and execute all SQL statements using the rights of the database user that is logged on.
Как исправить
For an advance correction, implement the source code corrections and perform the manual tasks.



------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component FSPM Financial Servi...|
| Release 410 SAPK-41001INFSPM - SAPK-41004INFSPM |
| Release 500 SAPK-50001INFSPM - SAPK-50003INFSPM |
| Release 510 w/o Support Packages |
------------------------------------------------------------------------

Call transaction /PM0/3FW_CHG_ORIG.

Double-click "Workplace" and load application 00001 (FS-PM).

Choose the following path:
00001
-> Meta Model
-> Object Models
-> Persistence Models

Edit the persistence model with the persistence service ID "EMPLYR_/PM0/ABDMEMPLYR".

Delete the template name "/PM0/TL_ABM_DAU_DAO" from the "Generation Data - Dialog Processing".

Save your entries.
Ссылки