Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1626450-3)
SAP Support Packages
(E_SOURCING_SRM_JAVA_SERVER_50_SP000_000010, E_SOURCING_SRM_JAVA_SERVER_50_SP999999_999999, SOURCING_SRM_JAVA_SERVER_51_SP010_000000, SOURCING_SRM_JAVA_SERVER_51_SP999999_999999)
Описание
LOD-ESO-AS maintains actives sessions by referencing them via session IDs. When an attacker tricks the server into accepting an attacker generated ID that refers to an active session, the attacker can perform all the action the authenticated user can perform.
Как исправить
Code changes were provided to address the issue. Customers should upgrade SAP SOURCING/CLM to Version 5.0 patch J, or Version 5.1 Patch 10 or to any Version 7.0 release which will include the fix for this vulnerability.
.
.
Ссылки