Attacker can travel to the server directory with “..” in the file name parameter of a URL.
Available fix and Supported packages
- CPM_BPC | 510 | 510
- SAP CPM BPC 5.1 | SP004 | 000000
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.