Podatność CVE-2023-49058


Publikacja: 2023-12-12   Modyfikacja: 2023-12-14

Opis:
SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ??traverse to parent directory?? are passed through to the file APIs. As a result, it has a low impact to the confidentiality.

Typ:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Affected software
SAP -> Master data governance 

 Referencje:
https://me.sap.com/notes/3363690
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Copyright 2024, cxsecurity.com

 

Back to Top