Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1514385-3)
SAP Support Packages
(SAPKB46B62, SAPKB46C62, SAPKB62070, SAPKB64027, SAPKB70023, SAPKB70108, SAPKB70206, SAPKB70207, SAPKB71012, SAPKB71107, SAPKB72005, SAPKB73001, SAPKB73002, SAPKH31IB9, SAPKH40B89, SAPKH45B67)
Описание
RSDBGENA fails to restrict the path and filename a logging file is written to. Through this, an attacker can potentially overwrite data on the remote system.
Как исправить
The referenced correction instruction restricts the choice of the filename to RSDBGENA<suffix>.txt where <suffix> can be entered by the user. <suffix> can contain uppercase letters, digits and "_" (under score). The path is restricted to paths accessible by the workprocess.
Ссылки