Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1537765-2)
SAP Support Packages
(SAPKH46B62, SAPKH46C62, SAPKH47036, SAPKH50025, SAPKH60019, SAPKH60209, SAPKH60308, SAPKH60409, SAPKH60504)
Описание
The function modules CV_WRITE_TABLE2FILE and CVDS_WRITE_TABLE2FILE fail to validate the path a user-submitted file is written to. This means that an attacker can potentially overwrite data on the remote system.
Note 1497003 is a prerequisite for this note.
Note 1497003 is a prerequisite for this note.
Как исправить
Refer to note 1497003 for additional information and instructions. The corrections from note 1497003 are a prerequisite for implementation of this note.
Logical File Names Used in this Solution:
The following logical file name has been created in order to enable the validation of physical file names:
DMS_LOG_FILE_PATH.
Logical File Names Used in this Solution:
The following logical file name has been created in order to enable the validation of physical file names:
DMS_LOG_FILE_PATH.
Ссылки