• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1499108

Главная Специалистам База уязвимостей Не установлено обновление Note 1499108

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1499108-6) SAP Support Packages (SAPKB62070, SAPKB64027, SAPKB70023, SAPKB70108, SAPKB70205, SAPKB70207, SAPKB71012, SAPKB71107, SAPKB72004, SAPKB73001)
Описание
Information such as the type, number, and implementation of SQL  statements can be discovered using SAP Basis ABAP for DB2 on IBM i or  i5/OS. This information may be used by a malicious user to obtain  information about all of the SQL statements that are executed in the  system and their implementation. However, this information does not contain the results of SQL queries (user data).
Как исправить
The report RSDB4ANALYZE_V5R3_PLANCACHEDMP that is affected by this problem is appropriate in systems only that use the database IBM DB2 for i5/OS with Release V5R3. The report may be removed in later SAP releases that have no longer been certified for this database release.

The Support Package assigned to this note removes the report from SAP releases that are not released for i5/OS V5R3. In lower releases, the report is changed so that the analysis is restricted to a certain file name.

If you are not using the database IBM DB2 for i5/OS with Release V5R3, you can also delete the report RSDB4ANALYZE_V5R3_PLANCACHEDMP manually.

If you use transaction SNOTE to implement this note, the report is changed in all SAP releases so that only a file with a predefined name can be analyzed.

Users that are not database administrators should generally not have the authorization to execute the report.
Ссылки