Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:P/I:N/A:NSAP)
Производитель ПО
Наименование ПО
SAP Notes
(1753378-2)
SAP Support Packages
(J2EE_ENGINE_SERVERCORE_710_SP012_000027, J2EE_ENGINE_SERVERCORE_710_SP013_000018, J2EE_ENGINE_SERVERCORE_710_SP014_000021, J2EE_ENGINE_SERVERCORE_710_SP015_000003, J2EE_ENGINE_SERVERCORE_710_SP016_000000, J2EE_ENGINE_SERVERCORE_710_SP999999_999999, J2EE_ENGINE_SERVERCORE_711_SP007_000028, J2EE_ENGINE_SERVERCORE_711_SP008_000024, J2EE_ENGINE_SERVERCORE_711_SP009_000024, J2EE_ENGINE_SERVERCORE_711_SP010_000006, J2EE_ENGINE_SERVERCORE_711_SP011_000000, J2EE_ENGINE_SERVERCORE_711_SP999999_999999, J2EE_ENGINE_SERVERCORE_720_SP005_000042, J2EE_ENGINE_SERVERCORE_720_SP006_000032, J2EE_ENGINE_SERVERCORE_720_SP007_000027, J2EE_ENGINE_SERVERCORE_720_SP008_000005, J2EE_ENGINE_SERVERCORE_720_SP009_000000, J2EE_ENGINE_SERVERCORE_720_SP999999_999999, J2EE_ENGINE_SERVERCORE_730_SP002_000031, J2EE_ENGINE_SERVERCORE_730_SP003_000033, J2EE_ENGINE_SERVERCORE_730_SP004_000029, J2EE_ENGINE_SERVERCORE_730_SP005_000042, J2EE_ENGINE_SERVERCORE_730_SP007_000029, J2EE_ENGINE_SERVERCORE_730_SP008_000001, J2EE_ENGINE_SERVERCORE_730_SP009_000000, J2EE_ENGINE_SERVERCORE_730_SP999999_999999, J2EE_ENGINE_SERVERCORE_731_SP002_000026, J2EE_ENGINE_SERVERCORE_731_SP003_000022, J2EE_ENGINE_SERVERCORE_731_SP004_000014, J2EE_ENGINE_SERVERCORE_731_SP005_000001, J2EE_ENGINE_SERVERCORE_731_SP006_000000, J2EE_ENGINE_SERVERCORE_731_SP999999_999999, SAP_J2EE_ENGINE_640_SP026_000032, SAP_J2EE_ENGINE_640_SP027_000028, SAP_J2EE_ENGINE_640_SP028_000017, SAP_J2EE_ENGINE_640_SP029_000011, SAP_J2EE_ENGINE_640_SP030_000003, SAP_J2EE_ENGINE_640_SP031_000000, SAP_J2EE_ENGINE_640_SP999999_999999, SAP_J2EE_ENGINE_CORE_640_SP031_000000, SAP_J2EE_ENGINE_CORE_640_SP999999_999999, SAP_J2EE_ENGINE_CORE_700_SP024_000019, SAP_J2EE_ENGINE_CORE_700_SP025_000017, SAP_J2EE_ENGINE_CORE_700_SP026_000015, SAP_J2EE_ENGINE_CORE_700_SP027_000004, SAP_J2EE_ENGINE_CORE_700_SP028_000000, SAP_J2EE_ENGINE_CORE_700_SP999999_999999, SAP_J2EE_ENGINE_CORE_701_SP009_000021, SAP_J2EE_ENGINE_CORE_701_SP010_000020, SAP_J2EE_ENGINE_CORE_701_SP011_000016, SAP_J2EE_ENGINE_CORE_701_SP012_000005, SAP_J2EE_ENGINE_CORE_701_SP013_000000, SAP_J2EE_ENGINE_CORE_701_SP999999_999999, SAP_J2EE_ENGINE_CORE_702_SP007_000024, SAP_J2EE_ENGINE_CORE_702_SP008_000023, SAP_J2EE_ENGINE_CORE_702_SP009_000023, SAP_J2EE_ENGINE_CORE_702_SP010_000019, SAP_J2EE_ENGINE_CORE_702_SP011_000022, SAP_J2EE_ENGINE_CORE_702_SP012_000005, SAP_J2EE_ENGINE_CORE_702_SP013_000000, SAP_J2EE_ENGINE_CORE_702_SP999999_999999)
Описание
The programs specified in the correction instructions contain vulnerabilities through which an attacker can potentially read arbitrary files under one specific directory on the remote server, possibly disclosing confidential information.
Как исправить
Update your AS Java to a fixed version and SP. For more details see "SP Patch Level" section of this note.
Ссылки