• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1504497

Главная Специалистам База уязвимостей Не установлено обновление Note 1504497

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1504497-2) SAP Support Packages (SAPKH31IB9, SAPKH40B89, SAPKH45B67, SAPKH46B62, SAPKH46C62, SAPKH47036, SAPKH50025, SAPKH60019, SAPKH60209, SAPKH60308, SAPKH60409, SAPKH60503)
Описание
The programs contained in the correction instructions contain  vulnerabilities through which a malicious user can potentially read  arbitrary files on the remote server, possibly disclosing confidential information.
Some of the programs contained in the correction instructions contain a vulnerability through which a malicious user can potentially write  arbitrary files on the remote server, possibly corrupting data or altering system behavior.
Как исправить
Please refer to note 1497003 for additional information and instructions. The corrections from note 1497003 are a prerequisite for implementation of this note.

The following logical file names have been created in order to enable the validation of physical file names:

COPA_REOCE4 used in program RKEREOCE4_EXTRACT
COPA_RKEHOH10 used in program RKEHOH10
COPA_RKEXD000 used in program RKEXD000
COPA_KEFC_IN and
COPA_KEFC_OUT used in transaction KEFC
COPA_KEDA used in transaction KEDA

The logical file names listed above all use the logical file path COPA_ROOT.
Ссылки