Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP HANA
(SAP HANA)
Описание
The system privilege DEVELOPMENT authorizes some internal ALTER SYSTEM commands.
Only the users SYSTEM and _SYS_REPO users have this privilege by default.
No user or role in a production system should have this privilege.
You can verify whether a user or role has the DEVELOPMENT privilege by executing the
statement:
SELECT * FROM EFFECTIVE_PRIVILEGE_GRANTEES WHERE OBJECT_TYPE
= 'SYSTEMPRIVILEGE' AND PRIVILEGE = 'DEVELOPMENT' AND GRANTEE
NOT IN ('SYSTEM','_SYS_REPO');
Only the users SYSTEM and _SYS_REPO users have this privilege by default.
No user or role in a production system should have this privilege.
You can verify whether a user or role has the DEVELOPMENT privilege by executing the
statement:
SELECT * FROM EFFECTIVE_PRIVILEGE_GRANTEES WHERE OBJECT_TYPE
= 'SYSTEMPRIVILEGE' AND PRIVILEGE = 'DEVELOPMENT' AND GRANTEE
NOT IN ('SYSTEM','_SYS_REPO');
Как исправить
Ссылки