Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1743637-2)
SAP Support Packages
(WEB_CHANNEL_20_SP000_000006, WEB_CHANNEL_20_SP999999_999999, WEB_CHANNEL_FRAMEWORK_20_SP000_000006, WEB_CHANNEL_FRAMEWORK_20_SP999999_999999, WEB_CHANNEL_ZERO_ADMIN_20_SP000_000006, WEB_CHANNEL_ZERO_ADMIN_20_SP999999_999999)
Описание
Directory traversal with read-only directory traversal: Apache MyFaces, that is used by Web Channel Experience Management fails to correctly validate the path that is used to reference a file that is read from the remote server. As a result, an attacker can potentially direct the program to an arbitrary other file in the system, disclosing its contents.
Как исправить
Import the Support Package patch level that is referenced in this SAP Note or import a higher level.
Ссылки