• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1673533 - Prevent Backdoors in SAP CRM Mobile Sales (IPC Server)

Главная Специалистам База уязвимостей Note 1673533 - Prevent Backdoors in SAP CRM Mobile Sales (IPC Server)

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1673533-2) SAP Support Packages (CRM_IPC_MOBILE_60_SP009_000001, CRM_IPC_MOBILE_60_SP999999_999999, CRM_IPC_MOBILE_70_SP010_000001, CRM_IPC_MOBILE_70_SP999999_999999, CRM_IPC_MOBILE_701_SP006_000000, CRM_IPC_MOBILE_701_SP007_000001, CRM_IPC_MOBILE_701_SP999999_999999, CRM_IPC_MOBILE_702_SP001_000002, CRM_IPC_MOBILE_702_SP003_000000, CRM_IPC_MOBILE_702_SP999999_999999, CRM_IPC_MOBILE_730_SP000_000004, CRM_IPC_MOBILE_730_SP999999_999999, CRM_IPC_MOBILE_731_SP000_000001, CRM_IPC_MOBILE_731_SP999999_999999, CRM_IPC_MOBILE_732_SP002_000001, CRM_IPC_MOBILE_732_SP999999_999999, CRM_JAVA_APPLICATIONS_50_SP019_000021, CRM_JAVA_APPLICATIONS_50_SP999999_999999, SAP_SHARED_JAVA_APPLIC_50_SP019_000021, SAP_SHARED_JAVA_APPLIC_50_SP999999_999999)
Описание
The vulnerability is caused by a hard-coded username and password  combination in the program's source code. An attacker who specifies  these credentials can log on to the system without having been assigned  legitimate access by the system administrator(s). If a user already has  privileges with which they can log on, an escalation of privileges may  be possible if the hard-coded account has higher access rights than the original user.
Как исправить
To correct the issue apply the java patch valid for your CRM release
from the SAP Service Marketplace.
Ссылки