Skip links

Directory traversal in Web Channel Experience Management, SAP security note 1743637


Directory traversal with read-only directory traversal: Apache MyFaces that is used by Web Channel Experience Management contains a vulnerability through which an attacker can potentially read arbitrary files on the remote server, possibly disclosing confidential information.

Available fix and Supported packages

  • SAP-WEC-FRW | 2.0 | 2.0
  • WEB CHANNEL 2.0 | SP000 | 000006
  • WEB CHANNEL FRAMEWORK 2.0 | SP000 | 000006
  • WEB CHANNEL ZERO ADMIN 2.0 | SP000 | 000006

Affected component

    Web Channel: JSF Runtime


Score: 0


Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.




How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies