• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1509681

Главная Специалистам База уязвимостей Не установлено обновление Note 1509681

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1509681-4)
Описание
The program contains statements that enable a user to execute their own  code, resulting in a changed system response. The user must be logged on  with valid system access, and must have the authorization to execute  reports. Depending on the code that the user inserts, this may require  additional information to which no access would be guaranteed.  Furthermore, the user may change or delete data, manipulate the output  of the system, or create new users with increased privileges. In addition, the availability of the system is endangered.
Как исправить
Implement the source code corrections manually.



------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component PAY-ENGINE SAP Payment Engine|
| Release 300 Until SAPK-30004INPE1 |
------------------------------------------------------------------------

Use transaction SE38 to delete the report /PE4/PE_PP_IF_SHOW_REP_PARAMS.
Ссылки