Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1514017-4)
SAP Support Packages
(SAPKH60503, SAPKH60504)
Описание
Transactions CL6E and CL6F fail to correctly validate the path with which a file that is read from the remote server is referenced. This means that an attacker can potentially point the program to an arbitrary other file on the system, disclosing its contents.
Как исправить
The corrections attached to this note enhance the corrections contained in Note 1509794. Implement the changes in accordance with this advance correction.
Transaction CL6E uses the logical file name DIN_CLASS, transaction CL6F uses the logical file name DIN_CHARACTERISTIC.
Also refer to the information contained in Note 1497003. The program changes from Note 1497003 are also a prerequisite for this note.
Transaction CL6E uses the logical file name DIN_CLASS, transaction CL6F uses the logical file name DIN_CHARACTERISTIC.
Also refer to the information contained in Note 1497003. The program changes from Note 1497003 are also a prerequisite for this note.
Ссылки
