Directory traversal with read-only directory traversal: Apache MyFaces that is used by Web Channel Experience Management contains a vulnerability through which an attacker can potentially read arbitrary files on the remote server, possibly disclosing confidential information.
Available fix and Supported packages
- SAP-WEC-FRW | 2.0 | 2.0
- WEB CHANNEL 2.0 | SP000 | 000006
- WEB CHANNEL FRAMEWORK 2.0 | SP000 | 000006
- WEB CHANNEL ZERO ADMIN 2.0 | SP000 | 000006
Web Channel: JSF Runtime
Exploit is not available.
For detailed information please contact the mail [email protected].