Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1659874-3)
SAP Support Packages
(ESR_710_SP012_000009, ESR_710_SP013_000010, ESR_710_SP014_000005, ESR_710_SP015_000001, ESR_710_SP016_000000, ESR_710_SP999999_999999, ESR_711_SP007_000010, ESR_711_SP008_000009, ESR_711_SP009_000005, ESR_711_SP010_000002, ESR_711_SP011_000000, ESR_711_SP999999_999999, ESR_720_SP005_000004, ESR_720_SP006_000003, ESR_720_SP007_000002, ESR_720_SP008_000000, ESR_720_SP999999_999999, ESR_730_SP002_000015, ESR_730_SP003_000011, ESR_730_SP004_000009, ESR_730_SP005_000016, ESR_730_SP007_000004, ESR_730_SP008_000000, ESR_730_SP999999_999999, ESR_731_SP002_000005, ESR_731_SP003_000002, ESR_731_SP004_000001, ESR_731_SP005_000000, ESR_731_SP999999_999999, XI_ADAPTER_FRAMEWORK_30_SP026_000011, XI_ADAPTER_FRAMEWORK_30_SP027_000008, XI_ADAPTER_FRAMEWORK_30_SP028_000004, XI_ADAPTER_FRAMEWORK_30_SP029_000003, XI_ADAPTER_FRAMEWORK_30_SP030_000001, XI_ADAPTER_FRAMEWORK_30_SP031_000000, XI_ADAPTER_FRAMEWORK_30_SP999999_999999, XI_ADAPTER_FRAMEWORK_700_SP024_000009, XI_ADAPTER_FRAMEWORK_700_SP025_000010, XI_ADAPTER_FRAMEWORK_700_SP026_000006, XI_ADAPTER_FRAMEWORK_700_SP027_000002, XI_ADAPTER_FRAMEWORK_700_SP028_000000, XI_ADAPTER_FRAMEWORK_700_SP999999_999999, XI_ADAPTER_FRAMEWORK_701_SP009_000006, XI_ADAPTER_FRAMEWORK_701_SP010_000004, XI_ADAPTER_FRAMEWORK_701_SP011_000005, XI_ADAPTER_FRAMEWORK_701_SP012_000002, XI_ADAPTER_FRAMEWORK_701_SP013_000000, XI_ADAPTER_FRAMEWORK_701_SP999999_999999, XI_ADAPTER_FRAMEWORK_702_SP007_000004, XI_ADAPTER_FRAMEWORK_702_SP008_000005, XI_ADAPTER_FRAMEWORK_702_SP009_000003, XI_ADAPTER_FRAMEWORK_702_SP010_000002, XI_ADAPTER_FRAMEWORK_702_SP011_000004, XI_ADAPTER_FRAMEWORK_702_SP012_000001, XI_ADAPTER_FRAMEWORK_702_SP013_000000, XI_ADAPTER_FRAMEWORK_702_SP999999_999999, XI_ADAPTER_FRAMEWORK_710_SP012_000011, XI_ADAPTER_FRAMEWORK_710_SP013_000006, XI_ADAPTER_FRAMEWORK_710_SP014_000008, XI_ADAPTER_FRAMEWORK_710_SP015_000002, XI_ADAPTER_FRAMEWORK_710_SP016_000000, XI_ADAPTER_FRAMEWORK_710_SP999999_999999, XI_ADAPTER_FRAMEWORK_711_SP007_000024, XI_ADAPTER_FRAMEWORK_711_SP008_000016, XI_ADAPTER_FRAMEWORK_711_SP009_000009, XI_ADAPTER_FRAMEWORK_711_SP010_000002, XI_ADAPTER_FRAMEWORK_711_SP011_000000, XI_ADAPTER_FRAMEWORK_711_SP999999_999999, XI_ADAPTER_FRAMEWORK_720_SP008_000000, XI_ADAPTER_FRAMEWORK_720_SP999999_999999, XI_ADAPTER_FRAMEWORK_730_SP002_000014, XI_ADAPTER_FRAMEWORK_730_SP003_000027, XI_ADAPTER_FRAMEWORK_730_SP004_000020, XI_ADAPTER_FRAMEWORK_730_SP005_000029, XI_ADAPTER_FRAMEWORK_730_SP007_000010, XI_ADAPTER_FRAMEWORK_730_SP008_000000, XI_ADAPTER_FRAMEWORK_730_SP999999_999999, XI_ADAPTER_FRAMEWORK_731_SP002_000012, XI_ADAPTER_FRAMEWORK_731_SP003_000002, XI_ADAPTER_FRAMEWORK_731_SP004_000001, XI_ADAPTER_FRAMEWORK_731_SP005_000000, XI_ADAPTER_FRAMEWORK_731_SP999999_999999, XI_TOOLS_30_SP026_000012, XI_TOOLS_30_SP027_000009, XI_TOOLS_30_SP028_000007, XI_TOOLS_30_SP029_000003, XI_TOOLS_30_SP030_000001, XI_TOOLS_30_SP031_000000, XI_TOOLS_30_SP999999_999999, XI_TOOLS_700_SP024_000015, XI_TOOLS_700_SP025_000008, XI_TOOLS_700_SP026_000004, XI_TOOLS_700_SP027_000003, XI_TOOLS_700_SP028_000000, XI_TOOLS_700_SP999999_999999, XI_TOOLS_701_SP009_000009, XI_TOOLS_701_SP010_000006, XI_TOOLS_701_SP011_000003, XI_TOOLS_701_SP012_000002, XI_TOOLS_701_SP013_000000, XI_TOOLS_701_SP999999_999999, XI_TOOLS_702_SP007_000008, XI_TOOLS_702_SP008_000007, XI_TOOLS_702_SP009_000006, XI_TOOLS_702_SP010_000005, XI_TOOLS_702_SP011_000005, XI_TOOLS_702_SP012_000001, XI_TOOLS_702_SP013_000000, XI_TOOLS_702_SP999999_999999, XI_TOOLS_710_SP012_000006, XI_TOOLS_710_SP013_000005, XI_TOOLS_710_SP014_000004, XI_TOOLS_710_SP015_000002, XI_TOOLS_710_SP016_000000, XI_TOOLS_710_SP999999_999999, XI_TOOLS_711_SP007_000009, XI_TOOLS_711_SP008_000008, XI_TOOLS_711_SP009_000008, XI_TOOLS_711_SP010_000003, XI_TOOLS_711_SP011_000000, XI_TOOLS_711_SP999999_999999, XI_TOOLS_720_SP008_000000, XI_TOOLS_720_SP999999_999999, XI_TOOLS_730_SP002_000008, XI_TOOLS_730_SP003_000011, XI_TOOLS_730_SP004_000009, XI_TOOLS_730_SP005_000014, XI_TOOLS_730_SP007_000004, XI_TOOLS_730_SP008_000000, XI_TOOLS_730_SP009_000000, XI_TOOLS_730_SP999999_999999, XI_TOOLS_731_SP002_000005, XI_TOOLS_731_SP003_000002, XI_TOOLS_731_SP004_000001, XI_TOOLS_731_SP005_000000, XI_TOOLS_731_SP006_000000, XI_TOOLS_731_SP999999_999999)
Описание
PI Integration Directory and Enterprise Services Repository do not contain authorization checks for checking an authenticated user's authorization to access some of its functions. This may result in undesired system behavior.
Как исправить
We changed the rights of role SAP_XI_APPL_SERV_USER to protect the mentioned applications. Users with this role can't any longer use functions to which they shouldn't have access to.Please update the software components of the Adapter Engine to the patch levels maintained in section "SP Patch Level" of this note or use newer versions.The archives and the support package stack guide can be found on the SAP Service Marketplace as described in SAP Note 952402.
Ссылки