Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1503022-4)
SAP Support Packages
(SAPKB71011, SAPKB71106)
Описание
Reason:
The list of reports shown below are usually be executed by DOE administrators for cleaning up logs and older Data Object messages. Currently there are authorization checks missing for these reports. After the fix 'SAP_DOE_ADMINISTRATOR' is the role required to execute these reports.
1. SMMW_REORG_LOG
2. SMMW_REORG_MSG_STORE
3. MMW_MON_LOGFILES_CLEANUP
Similarly there is one function module identified in security code scan that can be accessed remotely without DOE specific authorizations. After the fix 'SAP_DOE_SYNC_ROLE' is the role required to access these function modules.
1. SMMW_DEVICE_DISCOVERY
Pre-requisite:
You are on a SP lower than SP 11 of WebAs 7.10
or
You are on a SP lower than SP 06 of WebAs 7.11
The list of reports shown below are usually be executed by DOE administrators for cleaning up logs and older Data Object messages. Currently there are authorization checks missing for these reports. After the fix 'SAP_DOE_ADMINISTRATOR' is the role required to execute these reports.
1. SMMW_REORG_LOG
2. SMMW_REORG_MSG_STORE
3. MMW_MON_LOGFILES_CLEANUP
Similarly there is one function module identified in security code scan that can be accessed remotely without DOE specific authorizations. After the fix 'SAP_DOE_SYNC_ROLE' is the role required to access these function modules.
1. SMMW_DEVICE_DISCOVERY
Pre-requisite:
You are on a SP lower than SP 11 of WebAs 7.10
or
You are on a SP lower than SP 06 of WebAs 7.11
Как исправить
Authorization check introduced.
Apply SP11 if you are on WebAs 7.10
or
Apply SP06 if you are on WebAs 7.11
Apply SP11 if you are on WebAs 7.10
or
Apply SP06 if you are on WebAs 7.11
Ссылки