• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1642810 - Code injection vulnerability in SV-SMG-SDD

Главная Специалистам База уязвимостей Note 1642810 - Code injection vulnerability in SV-SMG-SDD

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1642810-4) SAP Support Packages (SAPKB64032, SAPKB70111)
Описание
The program code contains a possibility to define and execute  user-defined code that changes the behavior of the system. A valid and  authenticated user is required. The user needs authorization to create and execute Abap reports.
Depending on the code, the user can:
inject and run their own code,
obtain additional information that should not be displayed,
modify data, delete data,
modify the output of the system
Как исправить
SAP_BASIS releases 610 - 731:
Implement the correction instruction of this note
SAP_BASIS releases 46B - 46D:
If you have ST-PI add-on installed your system the problem described here does not occur. You do not need to take any futher action.
Otherwise: please install the ST-PI add-on on your system. Have a look at note 769623 (ST-PI 2005_1_46B and ST-PI 2005_1_46D) or note 1228898 (ST-PI 2008_1_46C) for a detailed description how to install ST-PI.
Ссылки