• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1520840

Главная Специалистам База уязвимостей Не установлено обновление Note 1520840

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1520840-1)
Описание
The program code contains a possibility to execute code of the user's choice which changes the system's behavior. Depending on the code being injected and run, the user may obtain additional information which should not be displayed, he may be able to modify data, delete data, modify the output of the system, create new users with higher privileges or perform a denial of service attack.

Program VRS_TABLE_COMPARISON is an internal program that is neither part of any standard transaction nor is it executed in a standard SAP system through other means. This means in practice that exploiting this vulnerability already requires unrestricted system access, so that the vulnerability cannot be used to gain additional access rights but can only be used to obscure an attack (by inserting one or more intermediate steps that make analysis of the attack more difficult).
Как исправить
Install below mentioned support package, this disables program VRS_TABLE_COMPARISON.

Ссылки