• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1757675 - Directory traversal in DI_CMS, LM-TOOLS, LM-CTS, SAP_DEVINF

Главная Специалистам База уязвимостей Note 1757675 - Directory traversal in DI_CMS, LM-TOOLS, LM-CTS, SAP_DEVINF

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:M/AU:S/C:N/I:P/A:PSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1757675-5) SAP Support Packages (DI_CHANGE_MGMT_SERVER__701_SP009_000005, DI_CHANGE_MGMT_SERVER__701_SP010_000005, DI_CHANGE_MGMT_SERVER__701_SP011_000003, DI_CHANGE_MGMT_SERVER__701_SP012_000003, DI_CHANGE_MGMT_SERVER__701_SP013_000000, DI_CHANGE_MGMT_SERVER__701_SP014_000000, DI_CHANGE_MGMT_SERVER__701_SP999999_999999, DI_CHANGE_MGMT_SERVER__702_SP007_000004, DI_CHANGE_MGMT_SERVER__702_SP008_000004, DI_CHANGE_MGMT_SERVER__702_SP009_000004, DI_CHANGE_MGMT_SERVER__702_SP010_000003, DI_CHANGE_MGMT_SERVER__702_SP011_000003, DI_CHANGE_MGMT_SERVER__702_SP012_000003, DI_CHANGE_MGMT_SERVER__702_SP013_000000, DI_CHANGE_MGMT_SERVER__702_SP014_000000, DI_CHANGE_MGMT_SERVER__702_SP999999_999999, DI_CHANGE_MGMT_SERVER_700_SP024_000005, DI_CHANGE_MGMT_SERVER_700_SP025_000005, DI_CHANGE_MGMT_SERVER_700_SP026_000003, DI_CHANGE_MGMT_SERVER_700_SP027_000003, DI_CHANGE_MGMT_SERVER_700_SP028_000000, DI_CHANGE_MGMT_SERVER_700_SP029_000000, DI_CHANGE_MGMT_SERVER_700_SP999999_999999, DI_CHANGE_MGMT_SERVER_710_SP012_000001, DI_CHANGE_MGMT_SERVER_710_SP013_000002, DI_CHANGE_MGMT_SERVER_710_SP014_000002, DI_CHANGE_MGMT_SERVER_710_SP015_000002, DI_CHANGE_MGMT_SERVER_710_SP016_000000, DI_CHANGE_MGMT_SERVER_710_SP017_000000, DI_CHANGE_MGMT_SERVER_710_SP999999_999999, DI_CHANGE_MGMT_SERVER_711_SP007_000003, DI_CHANGE_MGMT_SERVER_711_SP008_000002, DI_CHANGE_MGMT_SERVER_711_SP009_000002, DI_CHANGE_MGMT_SERVER_711_SP010_000002, DI_CHANGE_MGMT_SERVER_711_SP011_000000, DI_CHANGE_MGMT_SERVER_711_SP012_000000, DI_CHANGE_MGMT_SERVER_711_SP999999_999999, DI_CHANGE_MGMT_SERVER_720_SP005_000003, DI_CHANGE_MGMT_SERVER_720_SP006_000002, DI_CHANGE_MGMT_SERVER_720_SP007_000002, DI_CHANGE_MGMT_SERVER_720_SP008_000002, DI_CHANGE_MGMT_SERVER_720_SP009_000000, DI_CHANGE_MGMT_SERVER_720_SP999999_999999, DI_CHANGE_MGMT_SERVER_730_SP002_000003, DI_CHANGE_MGMT_SERVER_730_SP003_000003, DI_CHANGE_MGMT_SERVER_730_SP004_000003, DI_CHANGE_MGMT_SERVER_730_SP005_000003, DI_CHANGE_MGMT_SERVER_730_SP007_000002, DI_CHANGE_MGMT_SERVER_730_SP008_000002, DI_CHANGE_MGMT_SERVER_730_SP009_000000, DI_CHANGE_MGMT_SERVER_730_SP999999_999999, DI_CHANGE_MGMT_SERVER_731_SP002_000003, DI_CHANGE_MGMT_SERVER_731_SP003_000003, DI_CHANGE_MGMT_SERVER_731_SP004_000002, DI_CHANGE_MGMT_SERVER_731_SP005_000001, DI_CHANGE_MGMT_SERVER_731_SP006_000000, DI_CHANGE_MGMT_SERVER_731_SP007_000000, DI_CHANGE_MGMT_SERVER_731_SP999999_999999, JDI_640_SP027_000002, JDI_640_SP028_000003, JDI_640_SP029_000002, JDI_640_SP030_000001, JDI_640_SP031_000000, JDI_640_SP032_000000, JDI_640_SP999999_999999, LIFECYCLE_MGMT_TOOLS_701_SP009_000012, LIFECYCLE_MGMT_TOOLS_701_SP010_000009, LIFECYCLE_MGMT_TOOLS_701_SP011_000004, LIFECYCLE_MGMT_TOOLS_701_SP012_000002, LIFECYCLE_MGMT_TOOLS_701_SP013_000000, LIFECYCLE_MGMT_TOOLS_701_SP999999_999999, LIFECYCLE_MGMT_TOOLS_702_SP007_000011, LIFECYCLE_MGMT_TOOLS_702_SP008_000011, LIFECYCLE_MGMT_TOOLS_702_SP009_000010, LIFECYCLE_MGMT_TOOLS_702_SP010_000009, LIFECYCLE_MGMT_TOOLS_702_SP011_000007, LIFECYCLE_MGMT_TOOLS_702_SP012_000001, LIFECYCLE_MGMT_TOOLS_702_SP013_000000, LIFECYCLE_MGMT_TOOLS_702_SP999999_999999, LM_CTS_720_SP005_000002, LM_CTS_720_SP006_000001, LM_CTS_720_SP007_000002, LM_CTS_720_SP008_000001, LM_CTS_720_SP009_000000, LM_CTS_720_SP999999_999999, LM_CTS_730_SP002_000003, LM_CTS_730_SP003_000002, LM_CTS_730_SP004_000002, LM_CTS_730_SP005_000005, LM_CTS_730_SP007_000004, LM_CTS_730_SP008_000001, LM_CTS_730_SP009_000000, LM_CTS_730_SP999999_999999, LM_CTS_731_SP002_000006, LM_CTS_731_SP003_000005, LM_CTS_731_SP004_000003, LM_CTS_731_SP005_000000, LM_CTS_731_SP006_000000, LM_CTS_731_SP999999_999999)
Описание
Directory traversal with write or read/write authorization:CMS/CM Services fails to correctly validate the path to which a  user-submitted file is written. As a result, an attacker can potentially overwrite data in the remote system.
Как исправить
Check which of the following software components are installed on your Java application server:SAP_DEVINF (Release 6.40)DI_CMS (Release 7.00 to 7.31)LM-TOOLS (Release 7.01 and 7.02)LM-CTS (Release 7.20 to 7.31)If one or more of the software components listed above are installed on your Java application server, install the patch(es) attached to this SAP Note that correspond to the release and the Support Package level of the software components using JSPM, SDM, or SUM.
Ссылки