Skip links

Directory traversal in Web Channel Experience Management, SAP security note 1743637

Description

Directory traversal with read-only directory traversal: Apache MyFaces that is used by Web Channel Experience Management contains a vulnerability through which an attacker can potentially read arbitrary files on the remote server, possibly disclosing confidential information.

Available fix and Supported packages

  • SAP-WEC-FRW | 2.0 | 2.0
  • WEB CHANNEL 2.0 | SP000 | 000006
  • WEB CHANNEL FRAMEWORK 2.0 | SP000 | 000006
  • WEB CHANNEL ZERO ADMIN 2.0 | SP000 | 000006

Affected component

    WEC-FRW-JSF
    Web Channel: JSF Runtime

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1743637

TAGS

#Directory-traversal
#Web-Channel-Experience-Management

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies