• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1777053 - Missing authorization check in BC-SEC-USR-ADM

Главная Специалистам База уязвимостей Note 1777053 - Missing authorization check in BC-SEC-USR-ADM

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:M/AU:S/C:P/I:N/A:NSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1777053-4) SAP Support Packages (SAPKB46C66, SAPKB62074, SAPKB64032, SAPKB70030, SAPKB70115, SAPKB70215, SAPKB71018, SAPKB71113, SAPKB72008, SAPKB73011, SAPKB73109, SAPKB73110, SAPKB74001, SAPKB74004)
Описание
Remote callable function module SUSR_USER_PASSWORD_STATUS_GET does not  contain authorization checks for checking an authenticated user's  authorization to access some of its functions. This may result in undesired system behavior.
Как исправить
Apply the correction instruction or implement the Support Package.------------------------------------------------------------------------|Manual Pre-Implement.                                                 |------------------------------------------------------------------------|VALID FOR                                                             ||Software Component   SAP_BASIS                      SAP Basis compo...|| Release 46C          SAPKB46C56 - SAPKB46C65                         |------------------------------------------------------------------------
1. Call transaction SE37
2. In the field "Function Module" enter "SUSR_USER_PASSWORD_STATUS_GET" (without quotes).
3. Press "Change" (confirm "Information" popups, if shown)
4. Change to tab "Exceptions" and add a new exception (new row) with identifier "NOT_AUTHORIZED_FOR_OTHER_USER" (column "Exception") and description "No authorization to display other users" (column "Short text").
5. Press "Save"
Ссылки