Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Directory traversal Download for old FMA in Austria, SAP security note 1502329

Description

This notes concerns the directory traversal with write authorization, or read and write authorization
during the download for the Financial Market Authority (FMA) notifications of the old regulatory reporting in Austria.
The error is found in the following component:

FS-SR-AT

The directory traversal with write authorization, or read and write authorization allows any data to be read or written using the network.

Available fix and Supported packages

  • EA-FINSERV | 110 | 110
  • EA-FINSERV | 200 | 200
  • EA-FINSERV | 500 | 500
  • EA-FINSERV | 600 | 600
  • EA-FINSERV | 603 | 603
  • EA-FINSERV | 604 | 604
  • EA-FINSERV | 605 | 605
  • BANK/CFM | 463_20 | 463_20
  • EA-FINSERV 200 | SAPKGPFB20 |
  • EA-FINSERV 500 | SAPKGPFC24 |
  • EA-FINSERV 600 | SAPKGPFD19 |
  • EA-FINSERV 603 | SAPK-60308INEAFINSRV |
  • EA-FINSERV 604 | SAPK-60409INEAFINSRV |
  • EA-FINSERV 605 | SAPK-60503INEAFINSRV |
  • EA-FINSERV 110 | SAPKGPFA32 |
  • BANK/CFM 463_20 | SAPKIPBJ40 |

Affected component

    FS-SR-AT
    Austria

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1502329

TAGS

#Path-traversal
#directory-traversal
#FSSR_AT_RFVZFIMA

More to explorer