Potential directory traversals in applications, SAP security note 1497003

Description

This Security Note has been updated. See the following notes for details:

1. 1542033

Potential directory traversals in applications using physical file names or logical file names as input.

Available fix and Supported packages

SAP_APPL | 31I | 31I
SAP_APPL | 40B | 40B
SAP_APPL | 45B | 45B
SAP_APPL | 46C | 46C
SAP_BASIS | 46A | 46D
SAP_BASIS | 610 | 640
SAP_BASIS | 700 | 702
SAP_BASIS | 710 | 730
SAP_BASIS | 72L | 72L
SAP_APPL 31I | SAPKH31IB9 |
SAP_APPL 40B | SAPKH40B89 |
SAP_APPL 45B | SAPKH45B67 |
SAP_BASIS 46B | SAPKB46B62 |
SAP_BASIS 702 | SAPKB70205 |
SAP_BASIS 720 | SAPKB72004 |
SAP_BASIS 640 | SAPKB64027 |
SAP_BASIS 700 | SAPKB70023 |
SAP_BASIS 701 | SAPKB70108 |
SAP_BASIS 730 | SAPKB73001 |
SAP_BASIS 702 | SAPKB70206 |
SAP_BASIS 46C | SAPKB46C62 |
SAP_BASIS 730 | SAPKB73002 |
SAP_BASIS 620 | SAPKB62070 |
SAP_BASIS 710 | SAPKB71012 |
SAP_BASIS 702 | SAPKB70207 |
SAP_BASIS 711 | SAPKB71107 |
SAP_BASIS 720 | SAPKB72005 |
SAP_BASIS 640 | SAPKB64028 |
SAP_BASIS 700 | SAPKB70024 |
ACF 7.12 | SP000 | 000035
R/3 KERNEL 3.1I_EXT 32-BIT | SP786 | 000786
R/3 KERNEL 3.1I_EXT 64-BIT | SP786 | 000786
SAP GUI FOR WINDOWS 7.10 CORE | SP002 | 000002
SAP ITS 6.20 | SP040 | 000040
SAP KERNEL 4.0B_EXT 32-BIT | SP1076 | 001076
SAP KERNEL 4.0B_EXT 64-BIT | SP1076 | 001076
SAP KERNEL 4.5B_EXT 32-BIT | SP1007 | 001007
SAP KERNEL 4.5B_EXT 64-BIT | SP1007 | 001007
SAP KERNEL 4.6D_EX2 32-BIT | SP2551 | 002551
SAP KERNEL 4.6D_EX2 64-BIT | SP2551 | 002551
SAP KERNEL 4.6D_EXT 32-BIT | SP2551 | 002551
SAP KERNEL 4.6D_EXT 64-BIT | SP2551 | 002551
SAP KERNEL 6.40 32-BIT | SP353 | 000353
SAP KERNEL 6.40 32-BIT UNICODE | SP353 | 000353
SAP KERNEL 6.40 64-BIT | SP353 | 000353
SAP KERNEL 6.40 64-BIT UNICODE | SP353 | 000353
SAP KERNEL 6.40_EX2 32-BIT | SP353 | 000353
SAP KERNEL 6.40_EX2 32-BIT UC | SP353 | 000353
SAP KERNEL 6.40_EX2 64-BIT | SP353 | 000353

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1497003

Vahagn Vardanian

Potential directory traversals in applications, SAP security note 1497003

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#path-traversal
#FILE_VALIDATE_NAME
#FILE_GET_NAME
#FILE
#SF01
#FILE_NOT_FOUND
#LOGICAL_FILENAME_NOT_FOUND
#VALIDATION_FAILED
#SG-001
#805
#806
#807
#808
#809

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Vahagn Vardanian

Potential directory traversals in applications, SAP security note 1497003

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#path-traversal#FILE_VALIDATE_NAME#FILE_GET_NAME#FILE#SF01#FILE_NOT_FOUND#LOGICAL_FILENAME_NOT_FOUND#VALIDATION_FAILED#SG-001#805#806#807#808#809

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Special offer for SAP Security Udemy course!

$ 9.99

#path-traversal
#FILE_VALIDATE_NAME
#FILE_GET_NAME
#FILE
#SF01
#FILE_NOT_FOUND
#LOGICAL_FILENAME_NOT_FOUND
#VALIDATION_FAILED
#SG-001
#805
#806
#807
#808
#809