Description
SAP Disclosure Management provides capabilities for authorized users to upload and download content of specific file type. In some file types, it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload (script) on target machine could be used to steal and modify the data available in the spreadsheet.
Available fix and Supported packages
- DISCMGMS | 1001 | 1001
- DM SERVER – APPL SERVER 10.1 | SP017 | 000000
Affected component
- EPM-DSM-GEN
DM core functionalities
CVSS
Score: 5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected].
URL
https://launchpad.support.sap.com/#/notes/2971180