Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1504016-3)
SAP Support Packages
(SAPKB46C61, SAPKB62069, SAPKB64027, SAPKB70023, SAPKB70108, SAPKB70206, SAPKB71011, SAPKB71106, SAPKB72004, SAPKB73001)
Описание
Component BC-DOC-DTL fails to correctly validate the path with which a file that is read from the remote server is referenced. Through this, an attacker can potentially point the program to an arbitrary other file on the system, disclosing its contents.
Component BC-DOC-DTL fails to correctly validate the path a user-submitted file is written to. Through this, an attacker can potentially overwrite data on the remote system.
Component BC-DOC-DTL fails to correctly validate the path a user-submitted file is written to. Through this, an attacker can potentially overwrite data on the remote system.
Как исправить
Implement the corrections using the Note Assistant or import the relevant Support Package into your SAP system.
After these corrections the affected code is completely disabled.
After these corrections the affected code is completely disabled.
Ссылки