• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1881391 - MDX: XML for Analysis - known security holes

Главная Специалистам База уязвимостей Note 1881391 - MDX: XML for Analysis - known security holes

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:S/C:P/I:N/A:NSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1881391-2)
Описание
When the XMLA interface is called, the system processes and parses xml documents.Existing security holes can be used for various attacks.These attacks may occur if the relevant service is activated in the  Internet Communication Framework. This means, they may also occur even  if no application exists that actually reads data using this interface.Among others, the following products can read data using the XMLA interface:Microsoft Reporting Services, also refer to SAP Note 1868077.Oracle Business Intelligence Enterprise Edition
Как исправить
Security notes 1530454 and 1597066 closed known security holes.If no access occurs using the XMLA interface in a BW system, this interface should be deactivated.The relevant service can be deactivated in the Internet Communication Framework (transaction SICF).Service path: /default_host/sap/bw/xml/soap/Service: xmla
Ссылки