Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1535492-2)
SAP Support Packages
(SAPKY50019, SAPKY51015, SAPKY70009, SAPKY70104)
Описание
The reports /FRE/FU_TOOLS_TS_FILE_LOAD und /FRE/FU_TOOLS_FILE_COPY fail to correctly validate the path with which a file that is read from the remote server is referenced. Through this, an attacker can potentially point the program to an arbitrary other file on the system, disclosing its contents.
The report /FRE/FU_TOOLS_FILE_COPY fails to correctly validate the path a user-submitted file is written to. Through this, an attacker can potentially overwrite data on the remote system.
The report /FRE/FU_TOOLS_FILE_COPY fails to correctly validate the path a user-submitted file is written to. Through this, an attacker can potentially overwrite data on the remote system.
Как исправить
Ссылки