Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1760776-1)
SAP Support Packages
(SAPK-470E0INSAPHRCNL, SAPK-500A6INSAPHRCNL, SAPK-60089INSAPHRCNL, SAPK-60455INSAPHRCNL, SAPKE45BF5, SAPKE46BE1, SAPKE46CJ5)
Описание
Read-write or write directory traversal:Directory traversal, PY-NL-RP, PA-PA-NL and PA-PF-NL fail to correctly validate the path to which a user-submotted file is written. As a result, an attacker can potentially overwrite data in the remote system.
Как исправить
Please apply this note by its correction instruction to implement the security correction.------------------------------------------------------------------------|Manual Pre-Implement. |------------------------------------------------------------------------|VALID FOR ||Software Component SAP_HR R/3 Standard Hu...|| Release 46B SAPKE46BC4 - SAPKE46BE0 || Release 46C SAPKE46CH9 - SAPKE46CJ4 |------------------------------------------------------------------------If it not already exists, you need to create message HRPANL_EN 511. To do this, carry out the following steps:
Enter Transaction SE91
Enter Transaction SE91
Ссылки