Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1508333-1)
SAP Support Packages
(SAPK-30006INPE1)
Описание
The problem is caused by an SQL injection vulnerability. In the source code, an SQL statement is composed out of strings. An attacker can gain control over the content of a substring. As a result, the attacker can manipulate the resulting complete statement and can modify database contents.
Как исправить
Implement the source code corrections manually.
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component PAY-ENGINE SAP Payment Engine|
| Release 300 Until SAPK-30005INPE1 |
------------------------------------------------------------------------
Use transaction SE80 to delete the function group /PE1/BPE_TESTSUPPORT.
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component PAY-ENGINE SAP Payment Engine|
| Release 300 Until SAPK-30005INPE1 |
------------------------------------------------------------------------
Use transaction SE80 to delete the function group /PE1/BPE_TESTSUPPORT.
Ссылки