Description
UPDATE 27 August 2019: This note has been revised and released with adjusted correction instructions for Releases 700 and 710. Due to the dedicated ST-PI delivery track, the SAP Note seems to have been delivered only in ST-PI 2008_1_46C with SP 0009 (SAPKITLRA9) and not in the equivalent support package tracks of the other ST-PI releases. However, the delivery was made automatically in the equivalent support packages without the “Support Packages & Patches” specification being created. To state the validity explicitly, the validity of the 700/710 correction instructions that are still being delivered was manually restricted to ST-PI 2008_1_700 SAPKITLRD8 SP 0008 and ST-PI 2008_1_710 SAPKITLRE8 SP 0008. A CVSS rating has also been added.
ASU Toolbox contains a vulnerability through which an attacker can potentially read arbitrary files on the remote server, possibly disclosing confidential information.
Available fix and Supported packages
- ST-PI | 2008_1_46C | 2008_1_46C
- ST-PI | 2008_1_620 | 2008_1_620
- ST-PI | 2008_1_640 | 2008_1_640
- ST-PI | 2008_1_700 | 2008_1_700
- ST-PI | 2008_1_710 | 2008_1_710
- ST-PI 2008_1_46C | SAPKITLRA9
Affected component
- SV-SMG-ASU (Application Specific Upgrade)
CVSS
Score: 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
PoC
Detailed vulnerability information has been added to the RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1936262