Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Protecting directory traversal, SAP security note 1267536

Description

Attacker can travel to the server directory with “..” in the file name parameter of a URL.

Available fix and Supported packages

  • CPM_BPC | 510 | 510
  • SAP CPM BPC 5.1 | SP004 | 000000

Affected component

    EPM-BPC-MS
    Microsoft Version

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1267536

TAGS

#BPC-5.1-SP4-Microsoft
#File-name-parameter
#IM2733239

Explore More

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.