Description
Read-only directory traversal: Apache MyFaces, as used by Web Channel Experience Management, contains a vulnerability that could allow an attacker to read arbitrary files on the remote server, possibly disclosing confidential information.
Available fix and Supported packages
- SAP-WEC-FRW | 2.0 | 2.0
- WEB CHANNEL 2.0 | SP000 | 000006
- WEB CHANNEL FRAMEWORK 2.0 | SP000 | 000006
- WEB CHANNEL ZERO ADMIN 2.0 | SP000 | 000006
Affected component
- WEC-FRW-JSF (Web Channel: JSF Runtime)
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1743637