• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1743637 - Directory traversal in Web Channel Experience Management

Главная Специалистам База уязвимостей Note 1743637 - Directory traversal in Web Channel Experience Management

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1743637-2) SAP Support Packages (WEB_CHANNEL_20_SP000_000006, WEB_CHANNEL_20_SP999999_999999, WEB_CHANNEL_FRAMEWORK_20_SP000_000006, WEB_CHANNEL_FRAMEWORK_20_SP999999_999999, WEB_CHANNEL_ZERO_ADMIN_20_SP000_000006, WEB_CHANNEL_ZERO_ADMIN_20_SP999999_999999)
Описание
Directory traversal with read-only directory traversal: Apache MyFaces,  that is used by Web Channel Experience Management fails to correctly  validate the path that is used to reference a file that is read from the  remote server. As a result, an attacker can potentially direct the  program to an arbitrary other file in the system, disclosing its contents.
Как исправить
Import the Support Package patch level that is referenced in this SAP Note or import a higher level.
Ссылки