• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1718378 - Directory Traversal in Query Snapshot

Главная Специалистам База уязвимостей Note 1718378 - Directory Traversal in Query Snapshot

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1718378-3) SAP Support Packages (SAPKW73008, SAPKW73105)
Описание
Query snapshot fails to correctly validate the path to which a  user-submitted file is written. As a result, an attacker can potentially overwrite data in the remote system.
Как исправить
Ensure that SAP Note 1575722 is implemented in the system (including the manual pre-implementation steps).

BW fails to correctly validate the path to which a user-submitted file is written. As a result, an attacker can potentially overwrite data in the remote system.
Before the implementation of the corrections, you were able to write performance traces using the SPA/GPA parameter RSR_QPROV_RSDRI_PERF if a query is based on QuerySnapShotIndex.

After you implement the corrections, only the following directories can be selected:


UNIX: /tmp/<FILENAME>
WINDOWS NT: <P=DIR_TEMP>\<FILENAME>

If you try to write data under UNIX to /usr/sap/put/my_data, the system rejects this.
The settings are defined in transaction /NFILE. Logical File Path Definition: BW_RSDR
Logical File Name Definition, Cross-Client: BW_RSDR and implement the corrections.
Ссылки