Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Directory traversal in SAP Product and REACH Compliance, SAP security note 1513492

Description


Read-only directory traversal

SAP Product and REACH Compliance contains a vulnerability through which a malicious user can potentially read arbitrary files on the remote server, possibly disclosing confidential information.

Read-write or write directory traversal

SAP Product and REACH Compliance contains a vulnerability through which a malicious user can potentially write arbitrary files on the remote server, possibly corrupting data or altering system behavior.

Available fix and Supported packages

  • TDAGBCA | 110_500 | 110_500
  • TDAGBCA | 110_600 | 110_600
  • TDAGBCA | 200_500 | 200_500
  • TDAGBCA | 200_600 | 200_600
  • TDAGBCA 200_600 | SAPK-36002INTDAGBCA |
  • TDAGBCA 200_500 | SAPK-35002INTDAGBCA |
  • TDAGBCA 110_500 | SAPK-25005INTDAGBCA |
  • TDAGBCA 110_600 | SAPK-26005INTDAGBCA |

Affected component

    EHS-SRC
    SAP Product and REACH Compliance

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1513492

TAGS

#PRC-2.0-SP02
#Product-and-REACH-Compliance-2.0-Support-Package-02
#REACHSAP-RC-1.1-SP05
#SAP-REACH-Compliance-1.1-Support-Package-05
#DI
#discrete-industryDirectory-traversal
#path-traversal
#transaction-FILE
#XX-PART-SRC

More to explorer

SAP Security For All

RedRays Security Platform for Penetration testers and Bug hunters

The product package is specifically created for cyber security experts who have encountered SAP while participating in bug bounty programs.

RedRays Security Platform for SAP Consultants

The product package is designed for SAP consultants conducting security assessments of SAP ERP systems. We provide essential tools and resources to help professionals in this field conduct their work effectively.

RedRays Security Platform for Enterprises

The product package is specifically optimized to cater to the needs of both small/medium and large companies who are seeking to streamline the process of organizing a comprehensive security system for ERP systems.