Vulnerability card
Vulnerability characteristics
Severity level
CVSS score
(AV:N/AC:M/AU:S/C:P/I:P/A:P)
Software vendor
Software name
SAP Notes
(1686842-2)
SAP Support Packages
(SAPKB64030, SAPKB70027, SAPKB70112, SAPKB70212, SAPKB71015, SAPKB71110, SAPKB72008, SAPKB73008, SAPKB73104)
Description
ABAP Dump Collector does not check whether an authenticated user is authorized to access some of its functions. This may result in undesired system behavior.
How to fix
The correction introduces authorization checks for ST22 and for the submission of reports.
For ST22 by authorization object S_TCODE.
For execution of the offered reports by the authorization objects S_DEVELOP and S_PROGRAM.
The correction is provided either by the support packages mentioned in this note or the correction instructions.
------------------------------------------------------------------------
|Manual Activity                                                       |
------------------------------------------------------------------------
|VALID FOR                                                             |
|Software Component   SAP_BASIS             SAP Basis compo...         |
| Release 640         Until SAPKB64029                                 |
| Release 700         SAPKB70004 - SAPKB70026                          |
| Release 710         Until SAPKB71014                                 |
| Release 711         SAPKB71101 - SAPKB71109                          |
| Release 701         Until SAPKB70111                                 |
| Release 702         SAPKB70201 - SAPKB70211                          |
| Release 730         SAPKB73001 - SAPKB73007                          |
| Release 720         SAPKB72002 - SAPKB72007                          |
| Release 731         SAPKB73101 - SAPKB73103                          |
------------------------------------------------------------------------
Create the new message 600 in message class SN using transaction SE80.
The text for the message shall be "You have no authorization for the requested operation."
References