Skip links

Protection of upgrade tools against acts of sabotage, SAP security note 1526853

Description

If you execute upgrade tools directly in test mode, a malicious user can use a clever selection of input parameters to overwrite or delete system-relevant data or files.

Available fix and Supported packages

  • SAP_APPL | 31I | 31I
  • SAP_APPL | 40A | 40B
  • SAP_APPL | 45A | 45B
  • SAP_BASIS | 46A | 46D
  • SAP_BASIS | 610 | 640
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 710 | 730

Affected component

    BC-UPG-TLS-TLA
    Upgrade tools for ABAP

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1526853

TAGS

#Directory-traversal
#SQL-injection
#code-injection
#upgrade-tools