Description
This note concerns the directory traversal with write authorization, or read and write authorization in the old insurance statutory reporting for the German Federal Supervisory Office for Insurance Associations within the DUEVA (DÜVA) download function in the list programs of the old statements.
The error is found in the following component:
FS-SR-DE
An error permits the reading and writing of any data using the network.
Available fix and Supported packages
- EA-FINSERV | 110 | 110
- EA-FINSERV | 200 | 200
- EA-FINSERV | 500 | 500
- EA-FINSERV | 600 | 600
- EA-FINSERV | 603 | 603
- EA-FINSERV | 604 | 604
- EA-FINSERV | 605 | 605
- BANK/CFM | 463_20 | 463_20
- EA-FINSERV 200 | SAPKGPFB20 |
- EA-FINSERV 500 | SAPKGPFC24 |
- EA-FINSERV 600 | SAPKGPFD19 |
- EA-FINSERV 603 | SAPK-60308INEAFINSRV |
- EA-FINSERV 604 | SAPK-60409INEAFINSRV |
- EA-FINSERV 605 | SAPK-60503INEAFINSRV |
- EA-FINSERV 110 | SAPKGPFA32 |
- EA-FINSERV 200 | SAPKGPFB21 |
- BANK/CFM 463_20 | SAPKIPBJ40 |
Affected component
- FS-SR
Statutory Reporting for Insurancies
CVSS
Score: 0
Exploit
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1502331
