Directory traversal in Web Channel Experience Management, SAP security note 1743637

Description

Directory traversal with read-only directory traversal: Apache MyFaces that is used by Web Channel Experience Management contains a vulnerability through which an attacker can potentially read arbitrary files on the remote server, possibly disclosing confidential information.

Available fix and Supported packages

SAP-WEC-FRW | 2.0 | 2.0
WEB CHANNEL 2.0 | SP000 | 000006
WEB CHANNEL FRAMEWORK 2.0 | SP000 | 000006
WEB CHANNEL ZERO ADMIN 2.0 | SP000 | 000006

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1743637

Vahagn Vardanian

Directory traversal in Web Channel Experience Management, SAP security note 1743637

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Directory-traversal
#Web-Channel-Experience-Management

Explore More

SAP Security Training

SAP Security Patch Day – May 2025

[CVE-2025-31324] Critical SAP NetWeaver Vulnerability Fixed: Actively Exploited in the Wild

Securing Your SAP Migration: Integrating RedRays ABAP Security Scanner into DevSecOps Workflows

Vahagn Vardanian

Directory traversal in Web Channel Experience Management, SAP security note 1743637

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Directory-traversal#Web-Channel-Experience-Management

Explore More

SAP Security Training

SAP Security Patch Day – May 2025

[CVE-2025-31324] Critical SAP NetWeaver Vulnerability Fixed: Actively Exploited in the Wild

Securing Your SAP Migration: Integrating RedRays ABAP Security Scanner into DevSecOps Workflows

Special offer for SAP Security Udemy course!

$ 9.99

#Directory-traversal
#Web-Channel-Experience-Management