• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1673455 - Directory traversal in SAP CRM Mobile Sales (IPC Server)

Главная Специалистам База уязвимостей Note 1673455 - Directory traversal in SAP CRM Mobile Sales (IPC Server)

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1673455-4) SAP Support Packages (CRM_IPC_MOBILE_50_SP019_000023, CRM_IPC_MOBILE_50_SP999999_999999, CRM_IPC_MOBILE_60_SP009_000002, CRM_IPC_MOBILE_60_SP999999_999999, CRM_IPC_MOBILE_70_SP010_000002, CRM_IPC_MOBILE_70_SP999999_999999, CRM_IPC_MOBILE_701_SP006_000000, CRM_IPC_MOBILE_701_SP007_000001, CRM_IPC_MOBILE_701_SP999999_999999, CRM_IPC_MOBILE_702_SP001_000002, CRM_IPC_MOBILE_702_SP003_000000, CRM_IPC_MOBILE_702_SP999999_999999)
Описание
The IPC server used by SAP CRM Mobile Sales fails to correctly validate  the path to which a user-submitted file is written, or that is used to  reference a file that is read from the remote server. As a result, an  attacker can potentially direct the program to an arbitrary other file  in the system, disclosing its contents, or overwrite data in the remote system.
Как исправить
To correct the issue apply the java patch valid for your CRM release
from the SAP Service Marketplace.
Ссылки