• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1503579

Главная Специалистам База уязвимостей Не установлено обновление Note 1503579

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:P/I:C/A:P)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1503579-4) SAP Support Packages (XI_TOOLS_30_SP024_000008, XI_TOOLS_30_SP025_000005, XI_TOOLS_30_SP026_000003, XI_TOOLS_30_SP027_000001, XI_TOOLS_30_SP999999_999999, XI_TOOLS_700_SP019_000014, XI_TOOLS_700_SP020_000012, XI_TOOLS_700_SP021_000007, XI_TOOLS_700_SP022_000007, XI_TOOLS_700_SP023_000000, XI_TOOLS_700_SP024_000000, XI_TOOLS_700_SP999999_999999, XI_TOOLS_701_SP004_000009, XI_TOOLS_701_SP005_000008, XI_TOOLS_701_SP006_000006, XI_TOOLS_701_SP007_000003, XI_TOOLS_701_SP008_000000, XI_TOOLS_701_SP009_000000, XI_TOOLS_701_SP999999_999999, XI_TOOLS_702_SP003_000001, XI_TOOLS_702_SP004_000002, XI_TOOLS_702_SP005_000001, XI_TOOLS_702_SP006_000000, XI_TOOLS_702_SP999999_999999, XI_TOOLS_710_SP007_000030, XI_TOOLS_710_SP008_000019, XI_TOOLS_710_SP009_000013, XI_TOOLS_710_SP010_000004, XI_TOOLS_710_SP012_000000, XI_TOOLS_710_SP999999_999999, XI_TOOLS_711_SP003_000021, XI_TOOLS_711_SP004_000016, XI_TOOLS_711_SP005_000005, XI_TOOLS_711_SP006_000001, XI_TOOLS_711_SP007_000000, XI_TOOLS_711_SP999999_999999, XI_TOOLS_730_SP001_000000, XI_TOOLS_730_SP999999_999999)
Описание
Certain HTTP requests elude the authentication checks performed for HTTP  GET requests so that the command is executed. The respective Java   Servlets and Java Server Pages belong to the old administration pages  which were replaced in NetWeaver 7.1 with a web-dynpro based solution. However, the old pages still exist and are accessible.

* What are the affected releases?
SAP_BASIS 640
SAP_BASIS 700
SAP_BASIS 701
SAP_BASIS 702
SAP_BASIS 710
SAP_BASIS 711
SAP_BASIS 730

SAP_BASIS 720 is not affected as there is no PI 7.20
SAP_BASIS 731 is not vulnerable to this attack
Как исправить
The provided patch solves the problem. Each HTTP request will undergo the authentication checks.
* What are the fixed versions and patch levels?
SAP_BASIS 640 SP24
SAP_BASIS 700 SP19
SAP_BASIS 701 SP4
SAP_BASIS 702 SP3
SAP_BASIS 710 SP7
SAP_BASIS 711 SP3
SAP_BASIS 730 SP1

Please apply the support package from the list above or apply the correction from the note.
Ссылки