Directory traversal/SQL injection in SPM1.0, SAP security note 1511877

Description

1. SPM1.0 content contains a vulnerability through which a malicious user can potentially write arbitrary files on the remote server, possibly corrupting data or alter system behaviour.
2.A malicious user can exploit SPM1.0 code and use specially crafted inputs to modify database commands, resulting in the modification of data persisted by the system.

Available fix and Supported packages

BI_CONT | 704 | 704
BI_CONT | 705 | 705
BI_CONT | 735 | 735
BI_CONT 705 | SAPK-70502INBICONT |
BI_CONT 704 | SAPK-70410INBICONT |

Affected component

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1511877

Arpine Maghakyan

Directory traversal/SQL injection in SPM1.0, SAP security note 1511877

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#directory
#traversal
#SQL-injection
#SPM1.0
#Spend-Performance-Management
#xSA
#Spend-Analytics

More to explorer

SAP Security Patch Day – April 2024

SAP Security Patch Day – March 2024

SAP Cloud Connector Certificate Validation Issue

Critical XSS Vulnerability Identified in SAP NetWeaver AS Java

Arpine Maghakyan

Directory traversal/SQL injection in SPM1.0, SAP security note 1511877

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#directory#traversal#SQL-injection#SPM1.0#Spend-Performance-Management#xSA#Spend-Analytics

More to explorer

SAP Security Patch Day – April 2024

SAP Security Patch Day – March 2024

SAP Cloud Connector Certificate Validation Issue

Critical XSS Vulnerability Identified in SAP NetWeaver AS Java

#directory
#traversal
#SQL-injection
#SPM1.0
#Spend-Performance-Management
#xSA
#Spend-Analytics