• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1705800 - Directory traversal in Browse Deployment

Главная Специалистам База уязвимостей Note 1705800 - Directory traversal in Browse Deployment

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:H/AU:S/C:C/I:N/A:N)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1705800-5) SAP Support Packages (PORTAL_700_SP023_000014, PORTAL_700_SP024_000010, PORTAL_700_SP025_000010, PORTAL_700_SP026_000003, PORTAL_700_SP027_000000, PORTAL_700_SP999999_999999, PORTAL_701_SP008_000017, PORTAL_701_SP009_000013, PORTAL_701_SP010_000014, PORTAL_701_SP011_000002, PORTAL_701_SP012_000000, PORTAL_701_SP999999_999999, PORTAL_702_SP006_000015, PORTAL_702_SP007_000014, PORTAL_702_SP008_000010, PORTAL_702_SP009_000012, PORTAL_702_SP010_000010, PORTAL_702_SP011_000002, PORTAL_702_SP012_000000, PORTAL_702_SP999999_999999, PORTAL_PLATFORM_60_640_SP027_000010, PORTAL_PLATFORM_60_640_SP028_000007, PORTAL_PLATFORM_60_640_SP029_000004, PORTAL_PLATFORM_60_640_SP030_000000, PORTAL_PLATFORM_60_640_SP031_000000, PORTAL_PLATFORM_60_640_SP999999_999999)
Описание
The Portal fails to correctly validate the path that is used to reference a file that is read from the remote server. As a result, an attacker can potentially direct the program to an arbitrary  other file in the system, disclosing its contents.
Как исправить
Under tab "SP Patch Level" within this security note you can check for the appropriate SP Patch Level fixing the security issue.

If you are using SAP Enterprise Portal 7.10 or above, you already received this fix in note 1630293. Please refer to that note for the appropriate SP Patch Level.
Ссылки