• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1512776

Главная Специалистам База уязвимостей Не установлено обновление Note 1512776

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1512776-1) SAP Support Packages (ESR_710_SP006_000035, ESR_710_SP007_000038, ESR_710_SP008_000021, ESR_710_SP009_000016, ESR_710_SP010_000006, ESR_710_SP011_000000, ESR_710_SP012_000000, ESR_710_SP999999_999999, ESR_711_SP002_000017, ESR_711_SP003_000023, ESR_711_SP004_000020, ESR_711_SP005_000012, ESR_711_SP006_000000, ESR_711_SP007_000000, ESR_711_SP999999_999999, ESR_720_SP001_000001, ESR_720_SP002_000001, ESR_720_SP003_000001, ESR_720_SP004_000000, ESR_720_SP005_000000, ESR_720_SP999999_999999, MESSAGING_SYSTEM_SERVICE_710_SP006_000046, MESSAGING_SYSTEM_SERVICE_710_SP007_000045, MESSAGING_SYSTEM_SERVICE_710_SP008_000034, MESSAGING_SYSTEM_SERVICE_710_SP009_000017, MESSAGING_SYSTEM_SERVICE_710_SP010_000004, MESSAGING_SYSTEM_SERVICE_710_SP011_000000, MESSAGING_SYSTEM_SERVICE_710_SP012_000000, MESSAGING_SYSTEM_SERVICE_710_SP999999_999999, MESSAGING_SYSTEM_SERVICE_711_SP002_000017, MESSAGING_SYSTEM_SERVICE_711_SP003_000026, MESSAGING_SYSTEM_SERVICE_711_SP004_000017, MESSAGING_SYSTEM_SERVICE_711_SP005_000009, MESSAGING_SYSTEM_SERVICE_711_SP006_000000, MESSAGING_SYSTEM_SERVICE_711_SP007_000000, MESSAGING_SYSTEM_SERVICE_711_SP999999_999999, MESSAGING_SYSTEM_SERVICE_720_SP001_000001, MESSAGING_SYSTEM_SERVICE_720_SP002_000001, MESSAGING_SYSTEM_SERVICE_720_SP003_000002, MESSAGING_SYSTEM_SERVICE_720_SP004_000000, MESSAGING_SYSTEM_SERVICE_720_SP005_000000, MESSAGING_SYSTEM_SERVICE_720_SP999999_999999, XI_TOOLS_30_SP023_000008, XI_TOOLS_30_SP024_000007, XI_TOOLS_30_SP025_000004, XI_TOOLS_30_SP026_000002, XI_TOOLS_30_SP999999_999999, XI_TOOLS_700_SP018_000013, XI_TOOLS_700_SP019_000013, XI_TOOLS_700_SP020_000011, XI_TOOLS_700_SP021_000006, XI_TOOLS_700_SP022_000006, XI_TOOLS_700_SP024_000000, XI_TOOLS_700_SP999999_999999, XI_TOOLS_701_SP003_000011, XI_TOOLS_701_SP004_000008, XI_TOOLS_701_SP005_000007, XI_TOOLS_701_SP006_000005, XI_TOOLS_701_SP007_000002, XI_TOOLS_701_SP009_000000, XI_TOOLS_701_SP999999_999999, XI_TOOLS_702_SP003_000001, XI_TOOLS_702_SP004_000002, XI_TOOLS_702_SP005_000001, XI_TOOLS_702_SP999999_999999)
Описание
Problem Description -

1)XI administrative tools exhibit several possibilities for script injection attacks via URL parameters.

There were a few vulnerable parameters in the scripts, which were prone to XSS attacks.
Как исправить
Why the customers should apply the patch ?
This patch would fix the security issues mentioned with ESR which could cause a potential security threat like XI administrative tools exhibiting several possibilities for script injection attacks via URL parameters

What are the affected versions ?
Affected releases are SAP NetWeaver 2004 , SAP NetWeaver 2004S, SAP NetWeaver PI 7.1 and SAP EHP1 for SAP PI NetWeaver 7.1 and the affected SCA's are SAP_XITOOL for release NW04/NW04S and SAP_XIESR and SAP_XITOOL for release SAP NetWeaver PI 7.1 and SAP EHP1 for SAP PI NetWeaver 7.1

How can the customer find out the used version in his systems?
Customer can find out the version that he uses by opening the Administration pages of ESR and then clicking on "Software Build Information" link and viewing the following -
Make Release ,SPS Number.

What are the fixed versions?
All the affected versions are fixed.
Details of the fixes (with the level of the SP in which they were fixed) are as follows:
NW04 SP23
NW04S SP18
SAP NetWeaver 7.0 EHP1 SP02
SAP NetWeaver PI 7.1 SP7
SAP EHP1 for SAP NetWeaver PI 7.1 SP1

Where and how to get the fixed versions?
You can get the fixed versions from the service market place.
Service Market Place -> Downloads -> SAP Support Package -> Enter by Application Group -> SAP Netweaver -> Select desired Release -> Desired SCA.
Ссылки