Directory Traversal Vulnerability in FSB, SAP security note 2355339

Description

Flexible Solution Billing (FSB) allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs.

Some well-known impacts of Directory Traversal vulnerability are –

attacker could read content of arbitrary files on the remote server and expose sensitive data
attacker could overwrite, delete, or corrupt arbitrary files on the remote server

Available fix and Supported packages

SOLINVE | 606 | 606
SOLINVE | 607 | 607
SOLINVE | 608 | 608
SOLINVE 606 | SAPK-60603INSOLINVE |
SOLINVE 608 | SAPK-60801INSOLINVE |
SOLINVE 607 | SAPK-60704INSOLINVE |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2355339

Vahagn Vardanian

Directory Traversal Vulnerability in FSB, SAP security note 2355339

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Path-traversal
#backtracking
#directory-climbing

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Vahagn Vardanian

Directory Traversal Vulnerability in FSB, SAP security note 2355339

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Path-traversal#backtracking#directory-climbing

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Special offer for SAP Security Udemy course!

$ 9.99

#Path-traversal
#backtracking
#directory-climbing