• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1831985 - Command injection vulnerability in SAP Netweaver IdM

Главная Специалистам База уязвимостей Note 1831985 - Command injection vulnerability in SAP Netweaver IdM

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1831985-3) SAP Support Packages (NW_IDM_72_UIS_FOR_NW_700_SP007_000002, NW_IDM_72_UIS_FOR_NW_700_SP999999_999999, NW_IDM_72_UIS_FOR_NW_710_SP007_000002, NW_IDM_72_UIS_FOR_NW_710_SP999999_999999, NW_IDM_IC_710_UIS_FOR_NW_700_SP007_000003, NW_IDM_IC_710_UIS_FOR_NW_700_SP008_000000, NW_IDM_IC_710_UIS_FOR_NW_700_SP999999_999999, NW_IDM_IC_710_UIS_FOR_NW_710_SP007_000003, NW_IDM_IC_710_UIS_FOR_NW_710_SP008_000000, NW_IDM_IC_710_UIS_FOR_NW_710_SP999999_999999)
Описание
An enduser can assign himself any business role or potentially also any  privilege without that an approval is done. A valid and authenticated user is required.
Как исправить
Apply the attached patches for the following versions:    o  SAP NetWeaver Identity Management 7.1 SP7 User Interface    o  SAP NetWeaver Identity Management 7.2 SP7 User InterfaceNo patch is required as of:    o  SAP NetWeaver Identity Management 7.1 SP8    o  SAP NetWeaver Identity Management 7.2 SP8
Ссылки