• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1823566 - Potential information disclosure relating to SolutionManager

Главная Специалистам База уязвимостей Note 1823566 - Potential information disclosure relating to SolutionManager

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:S/C:P/I:N/A:NSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1823566-3) SAP Support Packages (SAP_KERNEL_720_32_BIT_SP417_000417, SAP_KERNEL_720_32_BIT_SP999999_999999, SAP_KERNEL_720_32_BIT_UNICODE_SP417_000417, SAP_KERNEL_720_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_720_64_BIT_SP417_000417, SAP_KERNEL_720_64_BIT_SP999999_999999, SAP_KERNEL_720_64_BIT_UNICODE_SP417_000417, SAP_KERNEL_720_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_32_BIT_SP110_000110, SAP_KERNEL_721_32_BIT_SP999999_999999, SAP_KERNEL_721_32_BIT_UNICODE_SP110_000110, SAP_KERNEL_721_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_64_BIT_SP110_000110, SAP_KERNEL_721_64_BIT_SP999999_999999, SAP_KERNEL_721_64_BIT_UNICODE_SP110_000110, SAP_KERNEL_721_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_EXT_32_BIT_SP110_000110, SAP_KERNEL_721_EXT_32_BIT_SP999999_999999, SAP_KERNEL_721_EXT_32_BIT_UC_SP110_000110, SAP_KERNEL_721_EXT_32_BIT_UC_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_SP110_000110, SAP_KERNEL_721_EXT_64_BIT_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_UC_SP110_000110, SAP_KERNEL_721_EXT_64_BIT_UC_SP999999_999999, SAP_KERNEL_738_64_BIT_SP014_000014, SAP_KERNEL_738_64_BIT_SP999999_999999, SAP_KERNEL_738_64_BIT_UNICODE_SP014_000014, SAP_KERNEL_738_64_BIT_UNICODE_SP999999_999999, SAPKB70029, SAPKB70114, SAPKB70214, SAPKB71017, SAPKB71112, SAPKB72008, SAPKB73010, SAPKB73108, SAPKB74003)
Описание
Information such as the landscape configuration data and database user passwords can be discovered using SAP Solution Manager.This information may be used by an attacker to further target SAP database.Note that the user and password for database connections created in old  versions of SAP Solution Manager are stored in table DBCON instead of  separation of the user and connection information apart from the  password. These information is kept and may have been residing in your system for ages.
Как исправить
Ссылки