Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1509681-4)
Описание
The program contains statements that enable a user to execute their own code, resulting in a changed system response. The user must be logged on with valid system access, and must have the authorization to execute reports. Depending on the code that the user inserts, this may require additional information to which no access would be guaranteed. Furthermore, the user may change or delete data, manipulate the output of the system, or create new users with increased privileges. In addition, the availability of the system is endangered.
Как исправить
Implement the source code corrections manually.
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component PAY-ENGINE SAP Payment Engine|
| Release 300 Until SAPK-30004INPE1 |
------------------------------------------------------------------------
Use transaction SE38 to delete the report /PE4/PE_PP_IF_SHOW_REP_PARAMS.
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component PAY-ENGINE SAP Payment Engine|
| Release 300 Until SAPK-30004INPE1 |
------------------------------------------------------------------------
Use transaction SE38 to delete the report /PE4/PE_PP_IF_SHOW_REP_PARAMS.
Ссылки