• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1503022

Главная Специалистам База уязвимостей Не установлено обновление Note 1503022

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1503022-4) SAP Support Packages (SAPKB71011, SAPKB71106)
Описание
Reason:
The list of reports shown below are usually be executed by DOE  administrators for cleaning up logs and older Data Object messages.  Currently there are authorization checks missing for these reports.  After the fix 'SAP_DOE_ADMINISTRATOR' is the role required to execute these reports.
1. SMMW_REORG_LOG
2. SMMW_REORG_MSG_STORE
3. MMW_MON_LOGFILES_CLEANUP

Similarly there is one function module identified in security code scan  that can be accessed remotely without DOE specific authorizations. After the fix 'SAP_DOE_SYNC_ROLE' is the role required to access these function modules.
1. SMMW_DEVICE_DISCOVERY

Pre-requisite:
You are on a SP lower than SP 11 of WebAs 7.10
or
You are on a SP lower than SP 06 of WebAs 7.11
Как исправить
Authorization check introduced.

Apply SP11 if you are on WebAs 7.10
or
Apply SP06 if you are on WebAs 7.11
Ссылки