Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1522787-9)
SAP Support Packages
(SAPKB46B62, SAPKB46C62, SAPKB62070, SAPKB64028, SAPKB70024, SAPKB70108, SAPKB70109, SAPKB70206, SAPKB70207, SAPKB71012, SAPKB71107, SAPKB72005, SAPKB73001, SAPKB73002)
Описание
BC-SRV-KPR-CMS fails to correctly validate the path a user-submitted file is written to. Through this, an attacker can potentially overwrite data on the remote system.
Note 1497003 is a prerequisite for this note.
Note 1497003 is a prerequisite for this note.
Как исправить
Refer to note 1497003 for additional information and instructions. The corrections from note 1497003 are a prerequisite for implementation of this note.
Logical File Names Used in this Solution:
The following logical file names have been created in order to enable the validation of physical file names: KPRO_IMPORT_EXPORT.
Logical File Names Used in this Solution:
The following logical file names have been created in order to enable the validation of physical file names: KPRO_IMPORT_EXPORT.
Ссылки