Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:C/I:N/A:NSAP)
Производитель ПО
Наименование ПО
SAP Notes
(1779092-5)
SAP Support Packages
(PORTAL_BASIS_710_SP016_000000, PORTAL_BASIS_710_SP017_000000, PORTAL_BASIS_710_SP999999_999999, PORTAL_BASIS_711_SP011_000000, PORTAL_BASIS_711_SP012_000000, PORTAL_BASIS_711_SP999999_999999, PORTAL_BASIS_720_SP008_000006, PORTAL_BASIS_720_SP009_000000, PORTAL_BASIS_720_SP999999_999999, PORTAL_BASIS_730_SP008_000003, PORTAL_BASIS_730_SP009_000000, PORTAL_BASIS_730_SP999999_999999, PORTAL_BASIS_731_SP005_000007, PORTAL_BASIS_731_SP006_000000, PORTAL_BASIS_731_SP007_000000, PORTAL_BASIS_731_SP999999_999999, PORTAL_FRAMEWORK_700_SP028_000000, PORTAL_FRAMEWORK_700_SP029_000000, PORTAL_FRAMEWORK_700_SP999999_999999, PORTAL_FRAMEWORK_701_SP007_000014, PORTAL_FRAMEWORK_701_SP013_000000, PORTAL_FRAMEWORK_701_SP014_000000, PORTAL_FRAMEWORK_701_SP999999_999999, PORTAL_FRAMEWORK_702_SP013_000000, PORTAL_FRAMEWORK_702_SP014_000000, PORTAL_FRAMEWORK_702_SP999999_999999, PORTAL_PLATFORM_60_640_SP030_000002, PORTAL_PLATFORM_60_640_SP031_000000, PORTAL_PLATFORM_60_640_SP999999_999999)
Описание
Directory-Traversal, Read-only directory traversal.SoapApplication fails to correctly validate the path that is used to reference a file that is read from the remote server. As a result, an attacker can potentially direct the program to an arbitrary other file in the system, disclosing its contents.
Как исправить
Under tab "SP Patch Level" within this security note you can check for the appropriate SP Patch Level fixing the security issue.
Ссылки