Skip links

Directory Traversal in database interface, SAP security note 1718408

Description

BW contains a vulnerability through which a malicious user can potentially write arbitrary files on the remote server, possibly corrupting data or altering system behavior.

Available fix and Supported packages

  • SAP_BW | 700 | 702
  • SAP_BW | 710 | 730
  • SAP_BW | 731 | 731
  • SAP_BW 710 | SAPKW71015 |
  • SAP_BW 711 | SAPKW71110 |
  • SAP_BW 720 | SAPKW72008 |
  • SAP_BW 702 | SAPKW70212 |
  • SAP_BW 730 | SAPKW73008 |
  • SAP_BW 731 | SAPKW73105 |
  • SAP_BW 700 | SAPKW70030 |
  • SAP_BW 701 | SAPKW70113 |

Affected component

    BW-BEX-OT-DBIF
    Interface to Database

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1718408

TAGS

#Directory-traversal
#FILE_VALIDATE_NAME
#FILE_GET_NAME
#FILE
#BW_RSDR
#LISTCUBE
#FILE_NOT_FOUND
#LOGICAL_FILENAME_NOT_FOUND
#DIR
#QSI
#QuerySnapShot
#_write_trace
#cl_rsdri_qprov_cmp_tc
#RSR_QPROV_RSDRI_PERF
#lrsdrc_infoprov
#download_file_structure