Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1693981-1)
Описание
Several attacks are possible with files uploaded to file repositories. In general, virus scanners will not find files designed for this specific attack type.
Как исправить
SAP provides an enhanced virus scan interface including options for content protection. To use this protection:
Connect a virus scanner to the SAP system supporting active content block and MIME detection/filter. See SAP note 1494278 for available virus scanners and features. If in doubt, contact your virus scanner provider. See [1] (at the end of this note) for general documentation how to connect a virus scanner to the SAP system.
Implement SAP notes 1640285 and 1669429 or the corresponding support packages (more notes may be necessary, see below).
Create or adapt a default virus scan profile. See [1] (at the end of this note) for a general documentation. This default profile should cover 80%-100% of your use cases. See below for an example. All other profiles should use this default profile (check 'Active' and 'Use Reference' and leave 'Ref. Profile' and 'Default Profile' empty). Most applications will use the same profile configuration parameters as the default profile. For these applications, leave 'Evaluate Profile Configuration Param.' empty. For applications needing different mime types, check 'Evaluate Profile Configuration Param.' and maintain the profile parameters as needed by this application. The profile parameters of the default profile will be ignored. Notes:
If you save the 'Virus Scan Profile' configuration and see the warning: 'Profile parameters exist, but evaluation has not been activated' for profiles delivered by SAP, make sure to check 'Evaluate Profile Configuration Param.' for these profiles
Depending on your support package level, additional SAP notes may be required enabling application specific profiles
Connect a virus scanner to the SAP system supporting active content block and MIME detection/filter. See SAP note 1494278 for available virus scanners and features. If in doubt, contact your virus scanner provider. See [1] (at the end of this note) for general documentation how to connect a virus scanner to the SAP system.
Implement SAP notes 1640285 and 1669429 or the corresponding support packages (more notes may be necessary, see below).
Create or adapt a default virus scan profile. See [1] (at the end of this note) for a general documentation. This default profile should cover 80%-100% of your use cases. See below for an example. All other profiles should use this default profile (check 'Active' and 'Use Reference' and leave 'Ref. Profile' and 'Default Profile' empty). Most applications will use the same profile configuration parameters as the default profile. For these applications, leave 'Evaluate Profile Configuration Param.' empty. For applications needing different mime types, check 'Evaluate Profile Configuration Param.' and maintain the profile parameters as needed by this application. The profile parameters of the default profile will be ignored. Notes:
If you save the 'Virus Scan Profile' configuration and see the warning: 'Profile parameters exist, but evaluation has not been activated' for profiles delivered by SAP, make sure to check 'Evaluate Profile Configuration Param.' for these profiles
Depending on your support package level, additional SAP notes may be required enabling application specific profiles
Ссылки