Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Directory traversal in BW, SAP security note 1575722

Description

BW contains a vulnerability through which a malicious user can potentially write arbitrary files on the remote server, possibly corrupting data or altering system behavior.

Available fix and Supported packages

  • SAP_BW | 700 | 702
  • SAP_BW | 711 | 711
  • SAP_BW | 730 | 730
  • SAP_BW 700 | SAPKW70027 |
  • SAP_BW 701 | SAPKW70110 |
  • SAP_BW 711 | SAPKW71108 |
  • SAP_BW 702 | SAPKW70209 |
  • SAP_BW 730 | SAPKW73004 |

Affected component

    BW-BEX-OT-DBIF
    Interface to Database

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1575722

TAGS

#Directory-traversal
#FILE_VALIDATE_NAME
#FILE_GET_NAME
#FILE
#BW_RSDR
#LISTCUBE
#FILE_NOT_FOUND
#LOGICAL_FILENAME_NOT_FOUND
#DIR

More to explorer