• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1659874 - PI SEC: Missing authorization check in PI Adapter Framework

Главная Специалистам База уязвимостей Note 1659874 - PI SEC: Missing authorization check in PI Adapter Framework

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1659874-3) SAP Support Packages (ESR_710_SP012_000009, ESR_710_SP013_000010, ESR_710_SP014_000005, ESR_710_SP015_000001, ESR_710_SP016_000000, ESR_710_SP999999_999999, ESR_711_SP007_000010, ESR_711_SP008_000009, ESR_711_SP009_000005, ESR_711_SP010_000002, ESR_711_SP011_000000, ESR_711_SP999999_999999, ESR_720_SP005_000004, ESR_720_SP006_000003, ESR_720_SP007_000002, ESR_720_SP008_000000, ESR_720_SP999999_999999, ESR_730_SP002_000015, ESR_730_SP003_000011, ESR_730_SP004_000009, ESR_730_SP005_000016, ESR_730_SP007_000004, ESR_730_SP008_000000, ESR_730_SP999999_999999, ESR_731_SP002_000005, ESR_731_SP003_000002, ESR_731_SP004_000001, ESR_731_SP005_000000, ESR_731_SP999999_999999, XI_ADAPTER_FRAMEWORK_30_SP026_000011, XI_ADAPTER_FRAMEWORK_30_SP027_000008, XI_ADAPTER_FRAMEWORK_30_SP028_000004, XI_ADAPTER_FRAMEWORK_30_SP029_000003, XI_ADAPTER_FRAMEWORK_30_SP030_000001, XI_ADAPTER_FRAMEWORK_30_SP031_000000, XI_ADAPTER_FRAMEWORK_30_SP999999_999999, XI_ADAPTER_FRAMEWORK_700_SP024_000009, XI_ADAPTER_FRAMEWORK_700_SP025_000010, XI_ADAPTER_FRAMEWORK_700_SP026_000006, XI_ADAPTER_FRAMEWORK_700_SP027_000002, XI_ADAPTER_FRAMEWORK_700_SP028_000000, XI_ADAPTER_FRAMEWORK_700_SP999999_999999, XI_ADAPTER_FRAMEWORK_701_SP009_000006, XI_ADAPTER_FRAMEWORK_701_SP010_000004, XI_ADAPTER_FRAMEWORK_701_SP011_000005, XI_ADAPTER_FRAMEWORK_701_SP012_000002, XI_ADAPTER_FRAMEWORK_701_SP013_000000, XI_ADAPTER_FRAMEWORK_701_SP999999_999999, XI_ADAPTER_FRAMEWORK_702_SP007_000004, XI_ADAPTER_FRAMEWORK_702_SP008_000005, XI_ADAPTER_FRAMEWORK_702_SP009_000003, XI_ADAPTER_FRAMEWORK_702_SP010_000002, XI_ADAPTER_FRAMEWORK_702_SP011_000004, XI_ADAPTER_FRAMEWORK_702_SP012_000001, XI_ADAPTER_FRAMEWORK_702_SP013_000000, XI_ADAPTER_FRAMEWORK_702_SP999999_999999, XI_ADAPTER_FRAMEWORK_710_SP012_000011, XI_ADAPTER_FRAMEWORK_710_SP013_000006, XI_ADAPTER_FRAMEWORK_710_SP014_000008, XI_ADAPTER_FRAMEWORK_710_SP015_000002, XI_ADAPTER_FRAMEWORK_710_SP016_000000, XI_ADAPTER_FRAMEWORK_710_SP999999_999999, XI_ADAPTER_FRAMEWORK_711_SP007_000024, XI_ADAPTER_FRAMEWORK_711_SP008_000016, XI_ADAPTER_FRAMEWORK_711_SP009_000009, XI_ADAPTER_FRAMEWORK_711_SP010_000002, XI_ADAPTER_FRAMEWORK_711_SP011_000000, XI_ADAPTER_FRAMEWORK_711_SP999999_999999, XI_ADAPTER_FRAMEWORK_720_SP008_000000, XI_ADAPTER_FRAMEWORK_720_SP999999_999999, XI_ADAPTER_FRAMEWORK_730_SP002_000014, XI_ADAPTER_FRAMEWORK_730_SP003_000027, XI_ADAPTER_FRAMEWORK_730_SP004_000020, XI_ADAPTER_FRAMEWORK_730_SP005_000029, XI_ADAPTER_FRAMEWORK_730_SP007_000010, XI_ADAPTER_FRAMEWORK_730_SP008_000000, XI_ADAPTER_FRAMEWORK_730_SP999999_999999, XI_ADAPTER_FRAMEWORK_731_SP002_000012, XI_ADAPTER_FRAMEWORK_731_SP003_000002, XI_ADAPTER_FRAMEWORK_731_SP004_000001, XI_ADAPTER_FRAMEWORK_731_SP005_000000, XI_ADAPTER_FRAMEWORK_731_SP999999_999999, XI_TOOLS_30_SP026_000012, XI_TOOLS_30_SP027_000009, XI_TOOLS_30_SP028_000007, XI_TOOLS_30_SP029_000003, XI_TOOLS_30_SP030_000001, XI_TOOLS_30_SP031_000000, XI_TOOLS_30_SP999999_999999, XI_TOOLS_700_SP024_000015, XI_TOOLS_700_SP025_000008, XI_TOOLS_700_SP026_000004, XI_TOOLS_700_SP027_000003, XI_TOOLS_700_SP028_000000, XI_TOOLS_700_SP999999_999999, XI_TOOLS_701_SP009_000009, XI_TOOLS_701_SP010_000006, XI_TOOLS_701_SP011_000003, XI_TOOLS_701_SP012_000002, XI_TOOLS_701_SP013_000000, XI_TOOLS_701_SP999999_999999, XI_TOOLS_702_SP007_000008, XI_TOOLS_702_SP008_000007, XI_TOOLS_702_SP009_000006, XI_TOOLS_702_SP010_000005, XI_TOOLS_702_SP011_000005, XI_TOOLS_702_SP012_000001, XI_TOOLS_702_SP013_000000, XI_TOOLS_702_SP999999_999999, XI_TOOLS_710_SP012_000006, XI_TOOLS_710_SP013_000005, XI_TOOLS_710_SP014_000004, XI_TOOLS_710_SP015_000002, XI_TOOLS_710_SP016_000000, XI_TOOLS_710_SP999999_999999, XI_TOOLS_711_SP007_000009, XI_TOOLS_711_SP008_000008, XI_TOOLS_711_SP009_000008, XI_TOOLS_711_SP010_000003, XI_TOOLS_711_SP011_000000, XI_TOOLS_711_SP999999_999999, XI_TOOLS_720_SP008_000000, XI_TOOLS_720_SP999999_999999, XI_TOOLS_730_SP002_000008, XI_TOOLS_730_SP003_000011, XI_TOOLS_730_SP004_000009, XI_TOOLS_730_SP005_000014, XI_TOOLS_730_SP007_000004, XI_TOOLS_730_SP008_000000, XI_TOOLS_730_SP009_000000, XI_TOOLS_730_SP999999_999999, XI_TOOLS_731_SP002_000005, XI_TOOLS_731_SP003_000002, XI_TOOLS_731_SP004_000001, XI_TOOLS_731_SP005_000000, XI_TOOLS_731_SP006_000000, XI_TOOLS_731_SP999999_999999)
Описание
PI Integration Directory and Enterprise Services Repository do not  contain authorization checks for checking an authenticated user's  authorization to access some of its functions. This may result in undesired system behavior.
Как исправить
We changed the rights of role SAP_XI_APPL_SERV_USER to protect the mentioned applications. Users with this role can't any longer use functions to which they shouldn't have access to.Please update the software components of the Adapter Engine to the patch levels maintained in section "SP Patch Level" of this note or use newer versions.The archives and the support package stack guide can be found on the SAP Service Marketplace as described in SAP Note 952402.
Ссылки