Skip links

Potential directory traversals in applications, SAP security note 1497003

Description

This Security Note has been updated. See the following notes for details:

    1. 1542033

Potential directory traversals in applications using physical file names or logical file names as input.

Available fix and Supported packages

  • SAP_APPL | 31I | 31I
  • SAP_APPL | 40B | 40B
  • SAP_APPL | 45B | 45B
  • SAP_APPL | 46C | 46C
  • SAP_BASIS | 46A | 46D
  • SAP_BASIS | 610 | 640
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 710 | 730
  • SAP_BASIS | 72L | 72L
  • SAP_APPL 31I | SAPKH31IB9 |
  • SAP_APPL 40B | SAPKH40B89 |
  • SAP_APPL 45B | SAPKH45B67 |
  • SAP_BASIS 46B | SAPKB46B62 |
  • SAP_BASIS 702 | SAPKB70205 |
  • SAP_BASIS 720 | SAPKB72004 |
  • SAP_BASIS 640 | SAPKB64027 |
  • SAP_BASIS 700 | SAPKB70023 |
  • SAP_BASIS 701 | SAPKB70108 |
  • SAP_BASIS 730 | SAPKB73001 |
  • SAP_BASIS 702 | SAPKB70206 |
  • SAP_BASIS 46C | SAPKB46C62 |
  • SAP_BASIS 730 | SAPKB73002 |
  • SAP_BASIS 620 | SAPKB62070 |
  • SAP_BASIS 710 | SAPKB71012 |
  • SAP_BASIS 702 | SAPKB70207 |
  • SAP_BASIS 711 | SAPKB71107 |
  • SAP_BASIS 720 | SAPKB72005 |
  • SAP_BASIS 640 | SAPKB64028 |
  • SAP_BASIS 700 | SAPKB70024 |
  • ACF 7.12 | SP000 | 000035
  • R/3 KERNEL 3.1I_EXT 32-BIT | SP786 | 000786
  • R/3 KERNEL 3.1I_EXT 64-BIT | SP786 | 000786
  • SAP GUI FOR WINDOWS 7.10 CORE | SP002 | 000002
  • SAP ITS 6.20 | SP040 | 000040
  • SAP KERNEL 4.0B_EXT 32-BIT | SP1076 | 001076
  • SAP KERNEL 4.0B_EXT 64-BIT | SP1076 | 001076
  • SAP KERNEL 4.5B_EXT 32-BIT | SP1007 | 001007
  • SAP KERNEL 4.5B_EXT 64-BIT | SP1007 | 001007
  • SAP KERNEL 4.6D_EX2 32-BIT | SP2551 | 002551
  • SAP KERNEL 4.6D_EX2 64-BIT | SP2551 | 002551
  • SAP KERNEL 4.6D_EXT 32-BIT | SP2551 | 002551
  • SAP KERNEL 4.6D_EXT 64-BIT | SP2551 | 002551
  • SAP KERNEL 6.40 32-BIT | SP353 | 000353
  • SAP KERNEL 6.40 32-BIT UNICODE | SP353 | 000353
  • SAP KERNEL 6.40 64-BIT | SP353 | 000353
  • SAP KERNEL 6.40 64-BIT UNICODE | SP353 | 000353
  • SAP KERNEL 6.40_EX2 32-BIT | SP353 | 000353
  • SAP KERNEL 6.40_EX2 32-BIT UC | SP353 | 000353
  • SAP KERNEL 6.40_EX2 64-BIT | SP353 | 000353

Affected component

    BC-CCM-FIL
    Platform independent file names

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1497003

TAGS

#path-traversal
#FILE_VALIDATE_NAME
#FILE_GET_NAME
#FILE
#SF01
#FILE_NOT_FOUND
#LOGICAL_FILENAME_NOT_FOUND
#VALIDATION_FAILED
#SG-001
#805
#806
#807
#808
#809