• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1540257

Главная Специалистам База уязвимостей Не установлено обновление Note 1540257

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1540257-3) SAP Support Packages (SAPKH31IB9, SAPKH40B89, SAPKH45B67, SAPKH46B62, SAPKH46C62, SAPKH47036, SAPKH50025, SAPKH60020, SAPKH60210, SAPKH60309, SAPKH60410, SAPKH60504)
Описание
The programs specified in the correction instructions contain  vulnerabilities through which a malicious user can potentially read arbitrary files on the remote server, possibly disclosing confidential information.

Some of the programs specified in the correction instructions contain a  vulnerability through which a malicious user can potentially write  arbitrary files on the remote server, possibly corrupting data or altering system behavior.
Как исправить
For additional information and instructions, see Note 1497003. The corrections from Note 1497003 are a prerequisite for implementing this note.

Logical file names used in this solution

Logical path name: FI_DME_DOWNLOAD_PATH
Logical file name: FI_DME_DOWNLOAD_FILE
The following programs already use this logical file name: Transaction FDTA
The following programs now also use this logical file name: Transactions FBWD, RFWEDX00, RFFBWG10, RFFBWD10

Logical path name: FI_DME_CREATE_PATH
Logical file name: FI_DME_CREATE_FILE
The following programs already use this logical file name: SAPFPAYM, RFFOD__L, RFFOD__U, RFFOD__Z
The following programs now also use this logical file name: Transaction FBWE, transactions FBWE, RFFBWD99, RFFBWD00


Recommendations for setting up logical file names

To avoid maintaining a high number of logical file names, some of the programs share the same logical file name.

Using the same logical file name for various programs creates dependencies among these programs. To securely separate data created by different users and different programs, try to create a directory structure that reflects the user name and/or program name, and use this information when setting up the physical path and file names for the logical file paths and file names.
Ссылки