Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:H/AU:S/C:P/I:P/A:PSAP)
Производитель ПО
Наименование ПО
SAP Notes
(1885611-4)
SAP Support Packages
(SAPK-60314INEAFINSRV, SAPK-60415INEAFINSRV, SAPK-60512INEAFINSRV, SAPK-60609INEAFINSRV, SAPK-61604INEAFINSRV, SAPK-61702INEAFINSRV, SAPKGPFA36, SAPKGPFB25, SAPKGPFC29, SAPKGPFD25, SAPKIPBJ43)
Описание
The program code contains a possibility to define and execute user-defined code that changes the behavior of the system. A valid and authenticated user is required.Depending on the code, the user can: o inject and run their own code, o obtain additional information that should not be displayed, o modify data, delete data, o modify the output of the system, o create new users with higher privileges, o perform a denial of service attack.
Как исправить
see correction instruction below .
Ссылки