• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1509794

Главная Специалистам База уязвимостей Не установлено обновление Note 1509794

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1509794-7) SAP Support Packages (SAPKH31IB9, SAPKH40B89, SAPKH45B67, SAPKH46B62, SAPKH46C62, SAPKH47036, SAPKH50024, SAPKH60019, SAPKH60209, SAPKH60308, SAPKH60409, SAPKH60503, SAPKH60504)
Описание
Transactions CL6E and CL6F fail to correctly validate the path with  which a file that is read from the remote server is referenced. This  means that an attacker can potentially point the program to an arbitrary other file on the system, disclosing its contents.
Как исправить
Ensure that the corrections contained in Note 1512352 exist in your system. Implement the corrections in accordance with the advance correction contained in this note. Also refer to the information contained in Note 1497003. The program changes from Note 1497003 are also a prerequisite for this note.

The following logical file names were created to enable validation of the physical file names:
DIN_CLASS for transaction CL6E
The logical path name DIN_CLASS_PATH is used for transaction CL6E.
DIN_CHARACTERISTIC for transaction CL6F
The logical path name DIN_CHARACTERISTIC_PATH is used for transaction CL6F.
Ссылки