Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1629242-3)
SAP Support Packages
(E_SOURCING_SRM_JAVA_SERVER_50_SP000_000010, E_SOURCING_SRM_JAVA_SERVER_50_SP999999_999999, SOURCING_SRM_JAVA_SERVER_51_SP010_000000, SOURCING_SRM_JAVA_SERVER_51_SP999999_999999)
Описание
LOD-ESO-AS does not contain authorization checks for checking an authenticated user's authorization to access some cross tenant functions. This may result in undesired system behavior.
Как исправить
Fixes have been developed and released in version 5.0 J, Version 5.1 Patch 10 and all Version 7.0 SP and patch releases. Update to the appropriate Release / Patch version to mitigate this risk.
Ссылки