• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1536809

Главная Специалистам База уязвимостей Не установлено обновление Note 1536809

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1536809-1) SAP Support Packages (SAPK-51015INSCMEWM, SAPK-70009INSCMEWM, SAPK-70104INSCMEWM, SAPKY50019)
Описание
1. The programs contained in the correction instructions contain  vulnerabilities through which a malicious user can potentially read  arbitrary files on the remote server, possibly disclosing confidential information.
2. Some of the programs contained in the correction instructions  contain a vulnerability through which a malicious user can potentially  write arbitrary files on the remote server, possibly corrupting data or altering system behavior.
Как исправить
Please refer to the note 1497003 for additional information and instructions. The corrections from notes 1497003 is a prerequisite for implementation of this note.

The following logical file names have been created to enable the
validation of the physical file names for the mentioned transactions:
Transaction /SCWM/PI_SAMP_CR - Upload Sample to Create PI Documents: logical filename = EWM_PI_SAMP_CR ( see note 1470669 for information )
Transaction /SCWM/PI_SAMP_STOCK - Download Stock Population: logical filename = EWM_PI_SAMP_DOWNLOAD ( see note 1470669 for information )
Transaction /SCWM/PI_SAMP_UPDATE - Download Results or Stock Population: logical filename = EWM_PI_SAMP_UPDATE ( see note 1470669 for information )
Transaction /SCWM/PI_UPLOAD - Upload Storage Bins and Count Data: logical filename = EWM_PI_UPLOAD ( see note 1452989 for information ).
Transaction /SCWM/PI_DOWNLOAD - Download Storage Bins and Count Data: logical filename = EWM_PI_DOWNLOAD ( see note 1452989 for information )
Ссылки