• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1571325

Главная Специалистам База уязвимостей Не установлено обновление Note 1571325

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:M/AU:S/C:P/I:N/A:N)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1571325-3) SAP Support Packages (SAPKH46B62, SAPKH46C62, SAPKH47036, SAPKH50025, SAPKH60020, SAPKH60210, SAPKH60309, SAPKH60410, SAPKH60505)
Описание
The problem is caused by an SQL injection vulnerability. The code  composes an SQL statement that contains strings that can be altered by a  malicious user. The manipulated SQL statement can then be used to retrieve data from the database.
Как исправить
Apply the corresponding corrections.

On systems with BASIS releases <= 6.40 manual steps must be performed.



------------------------------------------------------------------------
|Manual Post-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component SAP_APPL SAP Application |
| Release 46B All Support Package Levels |
| Release 46C All Support Package Levels |
| Release 470 All Support Package Levels |
| Release 500 All Support Package Levels |
------------------------------------------------------------------------

In case the BASIS release is lower or equal 6.40 a manual step must be performed in addition to the automatic note implmentation.

Call the function module named in the correction instruction with transaction SE37.
Go to the attributes tab and set the processing type to "Normal Function Module".
Ссылки