Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1718378-3)
SAP Support Packages
(SAPKW73008, SAPKW73105)
Описание
Query snapshot fails to correctly validate the path to which a user-submitted file is written. As a result, an attacker can potentially overwrite data in the remote system.
Как исправить
Ensure that SAP Note 1575722 is implemented in the system (including the manual pre-implementation steps).
BW fails to correctly validate the path to which a user-submitted file is written. As a result, an attacker can potentially overwrite data in the remote system.
Before the implementation of the corrections, you were able to write performance traces using the SPA/GPA parameter RSR_QPROV_RSDRI_PERF if a query is based on QuerySnapShotIndex.
After you implement the corrections, only the following directories can be selected:
UNIX: /tmp/<FILENAME>
WINDOWS NT: <P=DIR_TEMP>\<FILENAME>
If you try to write data under UNIX to /usr/sap/put/my_data, the system rejects this.
The settings are defined in transaction /NFILE. Logical File Path Definition: BW_RSDR
Logical File Name Definition, Cross-Client: BW_RSDR and implement the corrections.
BW fails to correctly validate the path to which a user-submitted file is written. As a result, an attacker can potentially overwrite data in the remote system.
Before the implementation of the corrections, you were able to write performance traces using the SPA/GPA parameter RSR_QPROV_RSDRI_PERF if a query is based on QuerySnapShotIndex.
After you implement the corrections, only the following directories can be selected:
UNIX: /tmp/<FILENAME>
WINDOWS NT: <P=DIR_TEMP>\<FILENAME>
If you try to write data under UNIX to /usr/sap/put/my_data, the system rejects this.
The settings are defined in transaction /NFILE. Logical File Path Definition: BW_RSDR
Logical File Name Definition, Cross-Client: BW_RSDR and implement the corrections.
Ссылки