• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1760776 - Directory traversal in PY-NL-RP, PA-PA-NL and PA-PF-NL

Главная Специалистам База уязвимостей Note 1760776 - Directory traversal in PY-NL-RP, PA-PA-NL and PA-PF-NL

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1760776-1) SAP Support Packages (SAPK-470E0INSAPHRCNL, SAPK-500A6INSAPHRCNL, SAPK-60089INSAPHRCNL, SAPK-60455INSAPHRCNL, SAPKE45BF5, SAPKE46BE1, SAPKE46CJ5)
Описание
Read-write or write directory traversal:Directory traversal, PY-NL-RP, PA-PA-NL and PA-PF-NL fail to correctly  validate the path to which a user-submotted file is written. As a  result, an attacker can potentially overwrite data in the remote system.
Как исправить
Please apply this note by its correction instruction to implement the security correction.------------------------------------------------------------------------|Manual Pre-Implement.                                                 |------------------------------------------------------------------------|VALID FOR                                                             ||Software Component   SAP_HR                        R/3 Standard Hu...|| Release 46B          SAPKE46BC4 - SAPKE46BE0                         || Release 46C          SAPKE46CH9 - SAPKE46CJ4                         |------------------------------------------------------------------------If it not already exists, you need to create message HRPANL_EN 511. To do this, carry out the following steps:
Enter Transaction SE91
Ссылки