• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1812645 - Missing authorization check in JIT

Главная Специалистам База уязвимостей Note 1812645 - Missing authorization check in JIT

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:M/AU:S/C:N/I:P/A:PSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1812645-7) SAP Support Packages (SAPK-60024INECCDIMP, SAPK-60214INECCDIMP, SAPK-60312INECCDIMP, SAPK-60313INECCDIMP, SAPK-60413INECCDIMP, SAPK-60414INECCDIMP, SAPK-60510INECCDIMP, SAPK-60511INECCDIMP, SAPK-60607INECCDIMP, SAPK-60608INECCDIMP, SAPK-61602INECCDIMP, SAPK-61603INECCDIMP, SAPKIPMH18)
Описание
JIT does not contain authorization checks for checking an authenticated  user's authorization to access some of its functions. This may result in undesired system behavior.
Как исправить
Implement the attached corrections.------------------------------------------------------------------------|Manual Activity                                                       |------------------------------------------------------------------------|VALID FOR                                                             ||Software Component   ECC-DIMP                      ECC Discrete In...|| Release 500          Until SAPKIPMH17                                || Release 600          SAPK-60001INECCDIMP - SAPK-60023INECCDIMP       || Release 602          Until SAPK-60213INECCDIMP                       || Release 603          Until SAPK-60312INECCDIMP                       || Release 604          SAPK-60401INECCDIMP - SAPK-60413INECCDIMP       || Release 605          Until SAPK-60510INECCDIMP                       || Release 606          SAPK-60601INECCDIMP - SAPK-60607INECCDIMP       || Release 616          Until SAPK-61602INECCDIMP                       || Release 617          All Support Package Levels                      |------------------------------------------------------------------------Please follow steps mentioned below to maintain message and long text:
Goto transaction SE91 and enter Message class 'jit00'.
Select radio button 'Messages' and enter Number '114' and click on 'Change' button.
Enter message short text as 'No authorization in some plants to carry out this operation'
Uncheck box 'SelfExplanatory' and enter following for long text:
                    Diagnosis
                    You have got authorization to carry out this operation only for some plants.  Data for plants in which you already have authorization is displayed.
                    System Response
                    
                    Procedure
                    If you require authorization for all plants, contact your system adminstrator.
                    Authorization object:
                    Procedure for System Administration
Ссылки