Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1775317-1)
SAP Support Packages
(SAPK-60023INISPSCA, SAPK-60213INISPSCA, SAPK-60312INISPSCA, SAPK-60413INISPSCA, SAPK-60510INISPSCA, SAPK-60606INISPSCA, SAPK-61601INISPSCA, SAPKIPQF30, SAPKIPQH24)
Описание
FI-CA fails to correctly validate the path to which a user-submitted file is written. As a result, an attacker can potentially overwrite data in the remote system.
Как исправить
Implement the correction instructions relevant for your release.SAP Note 1497003 contains further information and instructions.The corrections from SAP Note 1497003 are a prerequisite for implementing this SAP Note.Logical file names used in this solutionThe following logical file names have been created to enable the validation of physical file names:
FI-CA-COL-SUB
The logical file names used in this solution are created with the correction from SAP Note 1584972. Therefore, SAP Note 1584972 is a prerequisite for the correction from this SAP Note. The logical file name FI-CA-COL-SUB is used in the correction again.
FI-CA-COL-SUB
The logical file names used in this solution are created with the correction from SAP Note 1584972. Therefore, SAP Note 1584972 is a prerequisite for the correction from this SAP Note. The logical file name FI-CA-COL-SUB is used in the correction again.
Ссылки