Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:M/AU:S/C:P/I:P/A:P)
Производитель ПО
Наименование ПО
SAP Notes
(1560360-5)
SAP Support Packages
(SAPK-60020INISOIL, SAPK-60210INISOIL, SAPK-60309INISOIL, SAPK-60410INISPRA, SAPK-60504INISPRA, SAPKI47060, SAPKI4C140)
Описание
Since the function OIUH_SUBMIT_UNIX_CALL is remote enabled, there is a backdoor entry and directory traversal vulnerability.
Как исправить
The function OIUH_SUBMIT_UNIX_CALL is no longer being used in PRA and hence it has been deleted. The deletion would be available in our next support pack and would eliminate the security risk arising due to this function.
This note cannot be applied via SNOTE (Note assistant). For applying this note manually, follow the manual instructions provided in the note.
This note cannot be applied via SNOTE (Note assistant). For applying this note manually, follow the manual instructions provided in the note.
Ссылки