Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Directory traversal/SQL injection in SPM1.0, SAP security note 1511877


1. SPM1.0 content contains a vulnerability through which a malicious user can potentially write arbitrary files on the remote server, possibly corrupting data or alter system behaviour.
2.A malicious user can exploit SPM1.0 code and use specially crafted inputs to modify database commands, resulting in the modification of data persisted by the system.

Available fix and Supported packages

  • BI_CONT | 704 | 704
  • BI_CONT | 705 | 705
  • BI_CONT | 735 | 735
  • BI_CONT 705 | SAPK-70502INBICONT |
  • BI_CONT 704 | SAPK-70410INBICONT |

Affected component

    BW only – BI Content – Spend Analytics


Score: 0


Exploit is not available.
For detailed information please contact the mail [email protected].




More to explorer