Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1493299-1)
SAP Support Packages
(SAPKU70009, SAPKU70102)
Описание
The problem is caused by an SQL injection vulnerability. The code composes an SQL statement including strings that can be altered by a malicious user. The manipulated SQL statement can then be used to modify information in the database.
Как исправить
Install the relevant correction instruction that is attached to this note.
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component BBPCRM BBP / CRM |
| Release 700 Until SAPKU70008 |
| Release 701 Until SAPKU70101 |
------------------------------------------------------------------------
Start transaction 'SE38'
Enter 'CRM_MKTHV_LBP_GUID_SELECT_TEST' in field 'Program'
Select radio button 'Text elements'
Click on button 'Change'
In column 'Sym' enter '005', in column 'Text' enter 'Only DB Table 'CRMD_TEST_LBP' is allowed'
Activate the changes
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component BBPCRM BBP / CRM |
| Release 700 Until SAPKU70008 |
| Release 701 Until SAPKU70101 |
------------------------------------------------------------------------
Start transaction 'SE38'
Enter 'CRM_MKTHV_LBP_GUID_SELECT_TEST' in field 'Program'
Select radio button 'Text elements'
Click on button 'Change'
In column 'Sym' enter '005', in column 'Text' enter 'Only DB Table 'CRMD_TEST_LBP' is allowed'
Activate the changes
Ссылки