Overwriting of files in upgrade or EHPI, SAP security note 1514066

Description

Exception: This security note is relevant only for newly installed systems or those that have not yet been changed using Software Update Manager 1.0 or 2.0. If you have used Software Update Manager since 2014, set the processing status of this SAP Note to ‘Not Relevant’.

Programs of the update tools sometimes create files in the file system of the application server. Therefore, the system may sometimes access files that are located in directory areas that are not intended for this context.

Available fix and Supported packages

SAP_APPL | 31I | 31I
SAP_APPL | 40A | 40B
SAP_APPL | 45A | 45B
SAP_BASIS | 46A | 46D
SAP_BASIS | 610 | 640
SAP_BASIS | 700 | 702
SAP_BASIS | 710 | 730

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1514066

Vahagn Vardanian

Overwriting of files in upgrade or EHPI, SAP security note 1514066

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Upgrade
#EHPI
#directory-traversal
#data-integrity

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Vahagn Vardanian

Overwriting of files in upgrade or EHPI, SAP security note 1514066

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Upgrade#EHPI#directory-traversal#data-integrity

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Special offer for SAP Security Udemy course!

$ 9.99

#Upgrade
#EHPI
#directory-traversal
#data-integrity