Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:P/I:P/A:PSAP)
Производитель ПО
Наименование ПО
SAP Notes
(1774568-2)
SAP Support Packages
(SOLMANDIAG_710_SP005_000001, SOLMANDIAG_710_SP006_000000, SOLMANDIAG_710_SP999999_999999)
Описание
The vulnerability happens because the Diagnostics Agent exposes a remote service when used in conjunction with Solution Manager.In fact, this remote service has to be only available in the context of RSC (Remote Support Component) which is a scenario running independantly from Solution manager.This Diagnostics Agent's remote service could potentially be misused by attackers.
Как исправить
Whenever a Diagnostics Agent is used in the context of Solution Manager (connected to a Solution Manager 7.1 system) this remote service must not be available.This is automatically achieved by patching the LM-SERVICE Java software component on the Solution Manager system to which the concerned Diagnostics Agents are connected.The Diagnostics Agents will automatically patch themselves after the deployment is successful.Last but not least, remember to follow also the general recommendations of SAP note 1483508.
Ссылки