Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1509883-2)
SAP Support Packages
(SAPK-60019INFICA, SAPK-60209INFICA, SAPK-60308INFICA, SAPK-60409INFICA, SAPK-60503INFICA)
Описание
The programs contained in the correction instructions fails to correctly validate the path which a file that is read or changed from remote server is referenced. This means that an attacker can potentially read or change data on the remote system.
Как исправить
Please implement the attached correction instruction.
Please refer to note 1497003 for additional information and instructions. The corrections from note 1497003 are a prerequisite for implementation of this note.
Logical File Names Used in this Solution
The following logical file names have been created in order to enable the validation of physical file names in Report RFKKBI_FILEEDIT:
FICA_DATA_TRANSFER_DIR
Logical File Paths Used in this Solution
FICA_DATA_TRANSFER_DIR
Please refer to note 1497003 for additional information and instructions. The corrections from note 1497003 are a prerequisite for implementation of this note.
Logical File Names Used in this Solution
The following logical file names have been created in order to enable the validation of physical file names in Report RFKKBI_FILEEDIT:
FICA_DATA_TRANSFER_DIR
Logical File Paths Used in this Solution
FICA_DATA_TRANSFER_DIR
Ссылки