• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1648138 - Insecure default configuration of ACLs in KM repositories

Главная Специалистам База уязвимостей Note 1648138 - Insecure default configuration of ACLs in KM repositories

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1648138-2) SAP Support Packages (KMC_BASE_COMPONENTS_730_SP001_000004, KMC_BASE_COMPONENTS_730_SP002_000005, KMC_BASE_COMPONENTS_730_SP003_000006, KMC_BASE_COMPONENTS_730_SP004_000003, KMC_BASE_COMPONENTS_730_SP005_000001, KMC_BASE_COMPONENTS_730_SP007_000000, KMC_BASE_COMPONENTS_730_SP999999_999999, KMC_BASE_COMPONENTS_731_SP001_000001, KMC_BASE_COMPONENTS_731_SP002_000001, KMC_BASE_COMPONENTS_731_SP003_000000, KMC_BASE_COMPONENTS_731_SP999999_999999, KMC_CONTENT_MANAGEMENT_730_SP001_000006, KMC_CONTENT_MANAGEMENT_730_SP002_000005, KMC_CONTENT_MANAGEMENT_730_SP003_000005, KMC_CONTENT_MANAGEMENT_730_SP004_000002, KMC_CONTENT_MANAGEMENT_730_SP005_000002, KMC_CONTENT_MANAGEMENT_730_SP007_000000, KMC_CONTENT_MANAGEMENT_730_SP999999_999999, KMC_CONTENT_MANAGEMENT_731_SP001_000002, KMC_CONTENT_MANAGEMENT_731_SP002_000001, KMC_CONTENT_MANAGEMENT_731_SP003_000000, KMC_CONTENT_MANAGEMENT_731_SP999999_999999, LIFECYCLE_MGMT_PORTAL_730_SP001_000002, LIFECYCLE_MGMT_PORTAL_730_SP002_000001, LIFECYCLE_MGMT_PORTAL_730_SP003_000001, LIFECYCLE_MGMT_PORTAL_730_SP004_000001, LIFECYCLE_MGMT_PORTAL_730_SP005_000001, LIFECYCLE_MGMT_PORTAL_730_SP007_000000, LIFECYCLE_MGMT_PORTAL_730_SP999999_999999, LIFECYCLE_MGMT_PORTAL_731_SP001_000002, LIFECYCLE_MGMT_PORTAL_731_SP002_000001, LIFECYCLE_MGMT_PORTAL_731_SP003_000000, LIFECYCLE_MGMT_PORTAL_731_SP999999_999999)
Описание
The ACL's configuration has an insecure default configuration values  after initial installation of Enterprise Portal. This may result in undesired system behavior.

Affected versions:
    o  SAP NetWeaver 04

    o  SAP NetWeaver 7.0

    o  SAP EHP1 FOR SAP NETWEAVER 7.0

    o  SAP EHP2 FOR SAP NETWEAVER 7.0
Как исправить
To restrict access to KM repositories and to secure content and configurations, appropriate permissions have to be assigned. A CTC configuration task assigns permissions to the following repositories: pccruntime, pccshrcontent, room_extensions, room_publicarea_structures, room_store_cm, room_structures, rooms, runtime, workflow, attachment. The executions of the configuration for SAP NETWEAVER 7.30 can be found in section Knowledge Management in the following link:

http://help.sap.com/saphelp_nw73/helpdata/en/42/89749d882d1422e10000000a114cbd/frameset.htm

For other KM repositories see note 1499993.

A.) For more information about the affected releases, see the "SP Patch
    Level" tab page of this SAP note.
    For more information about the SP Stack schedule and updates, see
    http://service.sap.com/sp-stacks -> SP Stacks maintenance schedule.

B.)  Manual solution for:

   o  SAP NetWeaver 04

   o  SAP NetWeaver 7.0

   o  SAP EHP1 FOR SAP NETWEAVER 7.0

   o  SAP EHP2 FOR SAP NETWEAVER 7.0

    is to apply the steps described in note 599425
Ссылки