Skip links
RedRays - Your SAP Security Solution
Picture of Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

SAP Security on Udemy

Directory Traversal Vulnerability in FSB, SAP security note 2355339

Description

Flexible Solution Billing (FSB) allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs.

Some well-known impacts of Directory Traversal vulnerability are –

  • attacker could read content of arbitrary files on the remote server and expose sensitive data
  • attacker could overwrite, delete, or corrupt arbitrary files on the remote server

Available fix and Supported packages

  • SOLINVE | 606 | 606
  • SOLINVE | 607 | 607
  • SOLINVE | 608 | 608
  • SOLINVE 606 | SAPK-60603INSOLINVE |
  • SOLINVE 608 | SAPK-60801INSOLINVE |
  • SOLINVE 607 | SAPK-60704INSOLINVE |

Affected component

    SD-BIL-IV-CB
    Consolidated Billing

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2355339

TAGS

#Path-traversal
#backtracking
#directory-climbing

Explore More

SAP Security Patch Day – September 2025

September 9, 2025

SAP has released its September 2025 security patch package containing 26 security notes addressing critical vulnerabilities across enterprise SAP environments. This release

SAP Security Patch Day – August 2025

August 12, 2025

SAP has released its August 2025 security patch package containing 19 security notes addressing critical vulnerabilities across enterprise SAP environments. This release

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. 

JOIN