• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1774568 - Disable (RSC) service exposed by the Diagnostics Agent

Главная Специалистам База уязвимостей Note 1774568 - Disable (RSC) service exposed by the Diagnostics Agent

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:P/I:P/A:PSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1774568-2) SAP Support Packages (SOLMANDIAG_710_SP005_000001, SOLMANDIAG_710_SP006_000000, SOLMANDIAG_710_SP999999_999999)
Описание
The vulnerability happens because the Diagnostics Agent exposes a remote  service when used in conjunction with Solution Manager.In fact, this remote service has to be only available in the context of  RSC (Remote Support Component) which is a scenario running independantly from Solution manager.This Diagnostics Agent's remote service could potentially be misused by attackers.
Как исправить
Whenever a Diagnostics Agent is used in the context of Solution Manager (connected to a Solution Manager 7.1 system) this remote service must not be available.This is automatically achieved by patching the LM-SERVICE Java software component on the Solution Manager system to which the concerned Diagnostics Agents are connected.The Diagnostics Agents will automatically patch themselves after the deployment is successful.Last but not least, remember to follow also the general recommendations of SAP note 1483508.
Ссылки