Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1673455-4)
SAP Support Packages
(CRM_IPC_MOBILE_50_SP019_000023, CRM_IPC_MOBILE_50_SP999999_999999, CRM_IPC_MOBILE_60_SP009_000002, CRM_IPC_MOBILE_60_SP999999_999999, CRM_IPC_MOBILE_70_SP010_000002, CRM_IPC_MOBILE_70_SP999999_999999, CRM_IPC_MOBILE_701_SP006_000000, CRM_IPC_MOBILE_701_SP007_000001, CRM_IPC_MOBILE_701_SP999999_999999, CRM_IPC_MOBILE_702_SP001_000002, CRM_IPC_MOBILE_702_SP003_000000, CRM_IPC_MOBILE_702_SP999999_999999)
Описание
The IPC server used by SAP CRM Mobile Sales fails to correctly validate the path to which a user-submitted file is written, or that is used to reference a file that is read from the remote server. As a result, an attacker can potentially direct the program to an arbitrary other file in the system, disclosing its contents, or overwrite data in the remote system.
Как исправить
To correct the issue apply the java patch valid for your CRM release
from the SAP Service Marketplace.
from the SAP Service Marketplace.
Ссылки