Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1511561-3)
SAP Support Packages
(SAPK-470B3INSAPHRGXX, SAPK-470B4INSAPHRGXX, SAPK-50079INSAPHRGXX, SAPK-60062INSAPHRGXX, SAPK-60427INSAPHRGXX)
Описание
This problem is caused by an SQL injection issue. In the source code, an SQL statement consists of strings in which an attacker can obtain control over the content of a substring. Through this, the resulting complete statement can be manipulated and, therefore, the database can be prompted to output additional data.
Как исправить
The solution provided in this note ensures that the two RFC-enabled function modules can read only HR data from specified tables.
The "Reference to Support Packages" section specifies the Support Packages that contain the corrections.
Alternatively, you can implement the attached correction instructions.
The "Reference to Support Packages" section specifies the Support Packages that contain the corrections.
Alternatively, you can implement the attached correction instructions.
Ссылки