• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1779092 - Directory traversal in the portal SoapApplication

Главная Специалистам База уязвимостей Note 1779092 - Directory traversal in the portal SoapApplication

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:C/I:N/A:NSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1779092-5) SAP Support Packages (PORTAL_BASIS_710_SP016_000000, PORTAL_BASIS_710_SP017_000000, PORTAL_BASIS_710_SP999999_999999, PORTAL_BASIS_711_SP011_000000, PORTAL_BASIS_711_SP012_000000, PORTAL_BASIS_711_SP999999_999999, PORTAL_BASIS_720_SP008_000006, PORTAL_BASIS_720_SP009_000000, PORTAL_BASIS_720_SP999999_999999, PORTAL_BASIS_730_SP008_000003, PORTAL_BASIS_730_SP009_000000, PORTAL_BASIS_730_SP999999_999999, PORTAL_BASIS_731_SP005_000007, PORTAL_BASIS_731_SP006_000000, PORTAL_BASIS_731_SP007_000000, PORTAL_BASIS_731_SP999999_999999, PORTAL_FRAMEWORK_700_SP028_000000, PORTAL_FRAMEWORK_700_SP029_000000, PORTAL_FRAMEWORK_700_SP999999_999999, PORTAL_FRAMEWORK_701_SP007_000014, PORTAL_FRAMEWORK_701_SP013_000000, PORTAL_FRAMEWORK_701_SP014_000000, PORTAL_FRAMEWORK_701_SP999999_999999, PORTAL_FRAMEWORK_702_SP013_000000, PORTAL_FRAMEWORK_702_SP014_000000, PORTAL_FRAMEWORK_702_SP999999_999999, PORTAL_PLATFORM_60_640_SP030_000002, PORTAL_PLATFORM_60_640_SP031_000000, PORTAL_PLATFORM_60_640_SP999999_999999)
Описание
Directory-Traversal, Read-only directory traversal.SoapApplication fails to correctly validate the path that is used to  reference a file that is read from the remote server. As a result, an  attacker can potentially direct the program to an arbitrary other file in the system, disclosing its contents.
Как исправить
Under tab "SP Patch Level" within this security note you can check for the appropriate SP Patch Level fixing the security issue.
Ссылки