• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1626450 - Unauthorized use web application sessions in LOD-ESO-AS

Главная Специалистам База уязвимостей Note 1626450 - Unauthorized use web application sessions in LOD-ESO-AS

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1626450-3) SAP Support Packages (E_SOURCING_SRM_JAVA_SERVER_50_SP000_000010, E_SOURCING_SRM_JAVA_SERVER_50_SP999999_999999, SOURCING_SRM_JAVA_SERVER_51_SP010_000000, SOURCING_SRM_JAVA_SERVER_51_SP999999_999999)
Описание
LOD-ESO-AS maintains actives sessions by referencing them via session  IDs. When an attacker tricks the server into accepting an attacker  generated ID that refers to an active session, the attacker can perform all the action the authenticated user can perform.
Как исправить
Code changes were provided to address the issue. Customers should upgrade SAP SOURCING/CLM to Version 5.0 patch J, or Version 5.1 Patch 10 or to any Version 7.0 release which will include the fix for this vulnerability.
.
Ссылки