Skip links

Directory traversal Download for old FMA in Austria, SAP security note 1502329

Description

This notes concerns the directory traversal with write authorization, or read and write authorization
during the download for the Financial Market Authority (FMA) notifications of the old regulatory reporting in Austria.
The error is found in the following component:

FS-SR-AT

The directory traversal with write authorization, or read and write authorization allows any data to be read or written using the network.

Available fix and Supported packages

  • EA-FINSERV | 110 | 110
  • EA-FINSERV | 200 | 200
  • EA-FINSERV | 500 | 500
  • EA-FINSERV | 600 | 600
  • EA-FINSERV | 603 | 603
  • EA-FINSERV | 604 | 604
  • EA-FINSERV | 605 | 605
  • BANK/CFM | 463_20 | 463_20
  • EA-FINSERV 200 | SAPKGPFB20 |
  • EA-FINSERV 500 | SAPKGPFC24 |
  • EA-FINSERV 600 | SAPKGPFD19 |
  • EA-FINSERV 603 | SAPK-60308INEAFINSRV |
  • EA-FINSERV 604 | SAPK-60409INEAFINSRV |
  • EA-FINSERV 605 | SAPK-60503INEAFINSRV |
  • EA-FINSERV 110 | SAPKGPFA32 |
  • BANK/CFM 463_20 | SAPKIPBJ40 |

Affected component

    FS-SR-AT
    Austria

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1502329

TAGS

#Path-traversal
#directory-traversal
#FSSR_AT_RFVZFIMA

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies