Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:M/AU:N/C:P/I:N/A:N)
Производитель ПО
Наименование ПО
SAP Notes
(1684632-6)
SAP Support Packages
(ENGINEAPI_710_SP011_000010, ENGINEAPI_710_SP012_000006, ENGINEAPI_710_SP013_000003, ENGINEAPI_710_SP014_000001, ENGINEAPI_710_SP015_000000, ENGINEAPI_710_SP999999_999999, ENGINEAPI_711_SP006_000010, ENGINEAPI_711_SP007_000008, ENGINEAPI_711_SP008_000005, ENGINEAPI_711_SP009_000001, ENGINEAPI_711_SP010_000000, ENGINEAPI_711_SP999999_999999, ENGINEAPI_720_SP004_000015, ENGINEAPI_720_SP005_000010, ENGINEAPI_720_SP006_000006, ENGINEAPI_720_SP007_000000, ENGINEAPI_720_SP008_000000, ENGINEAPI_720_SP999999_999999, ENGINEAPI_730_SP001_000009, ENGINEAPI_730_SP002_000005, ENGINEAPI_730_SP003_000010, ENGINEAPI_730_SP004_000008, ENGINEAPI_730_SP005_000007, ENGINEAPI_730_SP007_000000, ENGINEAPI_730_SP008_000000, ENGINEAPI_730_SP999999_999999, ENGINEAPI_731_SP001_000004, ENGINEAPI_731_SP002_000002, ENGINEAPI_731_SP003_000000, ENGINEAPI_731_SP004_000000, ENGINEAPI_731_SP999999_999999)
Описание
Web services configured to use XML Encryption. Web services using SSL are not affected.
Как исправить
Apply the latest hot fix if your system is affected and you are using XML Encryption. As an alternative, you may reconfigure the affected web services to use SSL for transport protection instead of XML Encryption. To change the cache size for black listed keys and data for standard CBC attack system property "com.sap.xml.security.cbcprotection.size" with integer value can be used. By default its value is 100.
Ссылки