Skip links

Funding Management Potential directory traversals, SAP security note 1532960

Description

The default implementation of the BAdI for securitization (import and export of offers, sales and portfolios) in Funding Management permits the reading or writing of arbitrary files to the application server.

Available fix and Supported packages

  • FUNDMGMT | 200 | 200
  • FUNDMGMT 200 | SAPK-20004INFUNDMGMT |

Affected component

    FS-TXS
    Funding Management

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1532960

TAGS

#/TXS/BADI_ABS
#directory-traversal

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies