Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1516216-4)
SAP Support Packages
(SAPKB46B62, SAPKB46C62, SAPKB62070, SAPKB64028, SAPKB70023, SAPKB70108, SAPKB70207, SAPKB71012, SAPKB71107, SAPKB72005, SAPKB73002)
Описание
The program code contains a hard-coded username which changes the system#s behaviour should a user authenticate successfully. The user may obtain additional information which should not be displayed. The vulnerability is caused by a hard-coded username-password com-bination in the program#s source code. A malicious user who specifies these credentials can log into the system without having been assigned legitimate access by the system administrator(s). In case a user already privileges to log in with, an Escalation of Privileges may be possible if the hard-coded account has higher access rights than the original user.
Как исправить
Please apply the corrections in this note.
Ссылки