Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1507935-5)
SAP Support Packages
(SAPK-470B5INSAPHRRXX, SAPK-50081INSAPHRRXX, SAPK-60064INSAPHRRXX, SAPK-60430INSAPHRRXX, SAPKE46CH0)
Описание
The programs contained in the correction instructions contain vulnerabilities through which a malicious user can potentially read arbitrary files on the remote server, possibly disclosing confidential information.
Some of the programs contained in the correction instructions contain a vulnerability through which a malicious user can potentially write arbitrary files on the remote server, possibly corrupting data or altering system behavior.
Some of the programs contained in the correction instructions contain a vulnerability through which a malicious user can potentially write arbitrary files on the remote server, possibly corrupting data or altering system behavior.
Как исправить
Please refer to note 1497003 for additional information and instructions. The corrections from note 1497003 are a prerequisite for implementation of this note. The preparations on application side have been provided with note 1506219. Implement the corrections from note 1506219 as prerequisite.
The following logical file names have been created in order to enable the validation of physical file names:
Logical Filename Report HR_XX_DIR_B2AFILE H99_B2AFILE HR_XX_DIR_RPUFCP01 RPUFCP01 HR_XX_DIR_RHMOVE40 RHMOVE40
Logical Filename Function Module HR_XX_DIR_RH_CALL_ORGDISPLAY RH_CALL_ORGDISPLAY
The following logical file names have been created in order to enable the validation of physical file names:
Logical Filename Report HR_XX_DIR_B2AFILE H99_B2AFILE HR_XX_DIR_RPUFCP01 RPUFCP01 HR_XX_DIR_RHMOVE40 RHMOVE40
Logical Filename Function Module HR_XX_DIR_RH_CALL_ORGDISPLAY RH_CALL_ORGDISPLAY
Ссылки