Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1775171-1)
SAP Support Packages
(SAPK-60023INFICA, SAPK-60213INFICA, SAPK-60312INFICA, SAPK-60413INFICA, SAPK-60510INFICA, SAPK-60606INFICA, SAPK-61601INFICA, SAPKIPC730, SAPKIPC824)
Описание
FI-CA fails to correctly validate the path to which a user-submitted file is written. As a result, an attacker can potentially overwrite data in the remote system.
Как исправить
Implement the correction instructions relevant for your release.For additional information and instructions, see SAP Note 1497003.The corrections from SAP Note 1497003 are a prerequisite for implementing this note.Logical file names used in this solutionThe following logical file names have been created to enable the validation of physical file names:
FI-CA-CVS
Logical file names used in this solution are created by implementing the corrections from SAP Note 1507122. SAP Note 1507122 is a prerequisite for the corrections from this SAP Note. The logical file name FI-CA-CVS is reused in the corrections.
FI-CA-CVS
Logical file names used in this solution are created by implementing the corrections from SAP Note 1507122. SAP Note 1507122 is a prerequisite for the corrections from this SAP Note. The logical file name FI-CA-CVS is reused in the corrections.
Ссылки