• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1499993

Главная Специалистам База уязвимостей Не установлено обновление Note 1499993

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1499993-7) SAP Support Packages (LIFECYCLE_MGMT_PORTAL_730_SP001_000001, LIFECYCLE_MGMT_PORTAL_730_SP002_000000, LIFECYCLE_MGMT_PORTAL_730_SP999999_999999)
Описание
The ACL's configuration has an insecure default configuration values  after initial installation of Enterprise Portal. This may result in undesired system behavior.

Affected versions:
o  SAP NetWeaver 04

    o  SAP NetWeaver 7.0

    o  SAP EHP1 FOR SAP NETWEAVER 7.0

    o  SAP EHP2 FOR SAP NETWEAVER 7.0

    o  SAP NETWEAVER 7.30 SP 1
Как исправить
To restrict access to KM repositories and to secure content and configurations, appropriate permissions have to be assigned.
A CTC configuration task assigns permissions to the following repositories:com.sap.netweaver.kmc.expimp, discussiongroups, entrypoints,grouphome, ice, rolehome, reporting, taxonomies, taxdata, userhome, ~system,etc, documents, com.sap.km.appl, com.sap.kmc.transport, indexmanagement.
The executions of the configuration for SAP NETWEAVER 7.30 can be found in section Knowledge Management in the following link:

http://help.sap.com/saphelp_nw73/helpdata/en/42/89749d882d1422e10000000a114cbd/frameset.htm

A. ) An automatic CTC configuration is available in these deliveries:

o Patch 1 for SAP NETWEAVER 7.30 SP 1

o SAP NETWEAVER 7.30 SP 2

B.) Manual solution for:

o SAP NetWeaver 04

o SAP NetWeaver 7.0

o SAP EHP1 FOR SAP NETWEAVER 7.0

o SAP EHP2 FOR SAP NETWEAVER 7.0

is to apply the steps described in note 599425
Ссылки