Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1667388-1)
SAP Support Packages
(BRMS_CORE_720_SP006_000001, BRMS_CORE_720_SP007_000000, BRMS_CORE_720_SP008_000000, BRMS_CORE_720_SP999999_999999, BRMS_CORE_730_SP005_000001, BRMS_CORE_730_SP007_000000, BRMS_CORE_730_SP999999_999999, BRMS_CORE_731_SP001_000001, BRMS_CORE_731_SP002_000001, BRMS_CORE_731_SP003_000000, BRMS_CORE_731_SP999999_999999)
Описание
In BRMS-CORE, there are problems with explicit scope declaration of fields,methods and classes.Such classes, methods, and variables that aren't explicitly labeled as public, private or protected are accessible within the same package. This is insecure. So an attacker could introduce a new class into the package and use this new class to access the things was assumed to be hidden.
Как исправить
To correct this issue, apply the patch matching your support package version as listed in the patch table below as per the instructions in the NetWeaver Support Package Stack Guide.
Ссылки