• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1470407 - Potential disclosure of persisted data in WEBCUIF

Главная Специалистам База уязвимостей Note 1470407 - Potential disclosure of persisted data in WEBCUIF

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1470407-4) SAP Support Packages (730, SAPK-52011INCRMUIF, SAPK-60010INCRMUIF, SAPK-70007INWEBCUIF, SAPK-70008INWEBCUIF, SAPK-70102INWEBCUIF)
Описание
This problem is caused by an SQL injection vulnerability. The code  composes an SQL statement including strings that can be altered by a  malicious user. The manipulated SQL statement can then be used to retrieve additional information from the database.
Как исправить
Please, apply this note.------------------------------------------------------------------------|Manual Pre-Implement.                                                 |------------------------------------------------------------------------|VALID FOR                                                             ||Software Component   WEBCUIF                                          || Release 700          Until SAPK-70007INWEBCUIF                       || Release 701          Until SAPK-70101INWEBCUIF                       |------------------------------------------------------------------------Login in English as translations of texts will only be available via support package.In transaction SE91 enter message class CRM_UI_FRAME_LTX and create the message 025:
Message number: 025
Message short text: Variable &1 contains the invalid character &2
Self-explanatory: X
Save your changes.In transaction SOTR_EDIT create a new short text:
Alias: CRM_BSP_UI_FRAME_LTX/INITIAL_PAGE_NAME
Package: CRM_BSP_UI_FRAME_LTX
Object Type: WAPP
Length: 100
Text: The URL of the page to be displayed is initial.
Save your changes.
Ссылки