Skip links
RedRays - Your SAP Security Solution
RedRays SAP Security Team

RedRays SAP Security Team

🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Directory traversal in Web Channel Experience Management, SAP security note 1743637

Description

Directory traversal with read-only directory traversal: Apache MyFaces that is used by Web Channel Experience Management contains a vulnerability through which an attacker can potentially read arbitrary files on the remote server, possibly disclosing confidential information.

Available fix and Supported packages

  • SAP-WEC-FRW | 2.0 | 2.0
  • WEB CHANNEL 2.0 | SP000 | 000006
  • WEB CHANNEL FRAMEWORK 2.0 | SP000 | 000006
  • WEB CHANNEL ZERO ADMIN 2.0 | SP000 | 000006

Affected component

    WEC-FRW-JSF
    Web Channel: JSF Runtime

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1743637

TAGS

#Directory-traversal
#Web-Channel-Experience-Management

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer