Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:S/C:P/I:N/A:NSAP)
Производитель ПО
Наименование ПО
SAP Notes
(1867210-2)
Описание
Read-only directory traversal:BI-RA-CR fails to correctly validate the path that is used to reference a file that is read from the remote server. As a result, an attacker can potentially direct the program to an arbitrary other file in the system, disclosing its contents.
Как исправить
XIR3 customers should apply FixPack 5.5, 6.2, or SP7.BI 4.0 customers should apply Patch 5.9, 6.2, or SP7.
Ссылки