Skip links
RedRays
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Directory traversal/SQL injection in SPM1.0, SAP security note 1511877

Description

1. SPM1.0 content contains a vulnerability through which a malicious user can potentially write arbitrary files on the remote server, possibly corrupting data or alter system behaviour.
2.A malicious user can exploit SPM1.0 code and use specially crafted inputs to modify database commands, resulting in the modification of data persisted by the system.

Available fix and Supported packages

  • BI_CONT | 704 | 704
  • BI_CONT | 705 | 705
  • BI_CONT | 735 | 735
  • BI_CONT 705 | SAPK-70502INBICONT |
  • BI_CONT 704 | SAPK-70410INBICONT |

Affected component

    BW-BCT-EPM
    BW only – BI Content – Spend Analytics

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1511877

TAGS

#directory
#traversal
#SQL-injection
#SPM1.0
#Spend-Performance-Management
#xSA
#Spend-Analytics

More to explorer