Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

CVE-2019-0259 Unrestricted File Upload vulnerability in BO 4.2/ Visual Difference, SAP security note 2727564

Description

BO 4.2/ Visual Difference allows an attacker to upload any file (including script files) without proper file format validation.

Some well-known impacts of Unrestricted File Upload vulnerability are –

  • malicious file insertion or modification
  • make the Web site vulnerable to some other attacks such as XSS

Available fix and Supported packages

  • ENTERPRISE | 420 | 420
  • ENTERPRISE | 430 | 430
  • SBOP BI PLATFORM SERVERS 4.2 | SP006 | 000500
  • SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000000
  • SBOP BI PLATFORM SERVERS 4.3 | SP000 | 000000

Affected component

    BI-BIP-VD
    Visual difference

CVSS

Score: 6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2727564

TAGS

#Upload-of-untrusted-files
#File-upload-vulnerability
#visual-difference
#&160-CVE-2019-0259

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,