Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1470407-4)
SAP Support Packages
(730, SAPK-52011INCRMUIF, SAPK-60010INCRMUIF, SAPK-70007INWEBCUIF, SAPK-70008INWEBCUIF, SAPK-70102INWEBCUIF)
Описание
This problem is caused by an SQL injection vulnerability. The code composes an SQL statement including strings that can be altered by a malicious user. The manipulated SQL statement can then be used to retrieve additional information from the database.
Как исправить
Please, apply this note.------------------------------------------------------------------------|Manual Pre-Implement. |------------------------------------------------------------------------|VALID FOR ||Software Component WEBCUIF || Release 700 Until SAPK-70007INWEBCUIF || Release 701 Until SAPK-70101INWEBCUIF |------------------------------------------------------------------------Login in English as translations of texts will only be available via support package.In transaction SE91 enter message class CRM_UI_FRAME_LTX and create the message 025:
Message number: 025
Message short text: Variable &1 contains the invalid character &2
Self-explanatory: X
Save your changes.In transaction SOTR_EDIT create a new short text:
Alias: CRM_BSP_UI_FRAME_LTX/INITIAL_PAGE_NAME
Package: CRM_BSP_UI_FRAME_LTX
Object Type: WAPP
Length: 100
Text: The URL of the page to be displayed is initial.
Save your changes.
Message number: 025
Message short text: Variable &1 contains the invalid character &2
Self-explanatory: X
Save your changes.In transaction SOTR_EDIT create a new short text:
Alias: CRM_BSP_UI_FRAME_LTX/INITIAL_PAGE_NAME
Package: CRM_BSP_UI_FRAME_LTX
Object Type: WAPP
Length: 100
Text: The URL of the page to be displayed is initial.
Save your changes.
Ссылки