Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:M/AU:S/C:P/I:P/A:PSAP)
Производитель ПО
Наименование ПО
SAP Notes
(1775422-3)
SAP Support Packages
(SAPKB46B62, SAPKB46C66, SAPKB46D45, SAPKB62074, SAPKB64032, SAPKB70028, SAPKB70113, SAPKB70213, SAPKB71016, SAPKB71111, SAPKB72008, SAPKB73009, SAPKB73106, SAPKB74001)
Описание
The program code contains a hard-coded user name that changes the system's behavior if a user is successfully authenticated. The user may obtain additional information that should not be displayed.The vulnerability is caused by a hard-coded user name and password combination in the program's source code. An attacker who specifies these credentials can log on to the system without having been assigned legitimate access by the system administrator(s). If a user already has privileges with which they can log on, an escalation of privileges may be possible if the hard-coded account has higher access rights than the original user.
Как исправить
Please follow the steps mentioned in the manual instructions.------------------------------------------------------------------------|Manual Activity |------------------------------------------------------------------------|VALID FOR ||Software Component SAP_BASIS SAP Basis compo...|| Release 46C Until SAPKB46C65 || Release 46B Until SAPKB46B61 || Release 46D Until SAPKB46D44 || Release 620 Until SAPKB62073 || Release 640 Until SAPKB64031 || Release 700 SAPKB70004 - SAPKB70027 || Release 710 Until SAPKB71015 || Release 711 SAPKB71101 - SAPKB71110 || Release 701 Until SAPKB70112 || Release 702 SAPKB70201 - SAPKB70212 || Release 730 SAPKB73001 - SAPKB73008 || Release 720 SAPKB72002 - SAPKB72007 || Release 731 SAPKB73101 - SAPKB73105 || Release 740 w/o Support Packages |------------------------------------------------------------------------Please follow below mentioned manual steps:-Open transaction se37.-Enter FM BM_REMOTE_INPUT_OUTPUT_LIST-From application menu select 'Delete' or press SHIFT+F2.-Save the changes in transport request and release it.
Ссылки