Skip links

Directory Traversal vulnerability in IS-OIL-PRA-REP-TAX and IS-OIL-PRA-REP-ROY, SAP security note 2174147

Description

IS-OIL-PRA-REP-TAX and IS-OIL-PRA-REP-ROY contains a vulnerability through which an attacker can potentially read arbitrary files on the remote server, possibly disclosing confidential information.
IS-OIL-PRA-REP-TAX and IS-OIL-PRA-REP-ROY contains a vulnerability through which an attacker can potentially write arbitrary files to the remote server, possibly corrupting data or altering system behavior.

Available fix and Supported packages

  • IS-OIL | 46C | 46C
  • IS-OIL | 600 | 600
  • IS-OIL | 602 | 602
  • IS-OIL | 603 | 603
  • IS-PRA | 604 | 604
  • IS-PRA | 605 | 605
  • IS-PRA | 606 | 606
  • IS-PRA | 616 | 616
  • IS-PRA | 617 | 617
  • IS-OIL 46C | SAPKI4C144 |
  • IS-OIL 600 | SAPK-60028INISOIL |
  • IS-OIL 602 | SAPK-60218INISOIL |
  • IS-OIL 603 | SAPK-60317INISOIL |
  • IS-PRA 617 | SAPK-61710INISPRA |
  • IS-PRA 604 | SAPK-60418INISPRA |
  • IS-PRA 605 | SAPK-60517INISPRA |
  • IS-PRA 606 | SAPK-60616INISPRA |
  • IS-PRA 616 | SAPK-61610INISPRA |

Affected component

    IS-OIL-PRA-REP
    Reporting

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2174147

TAGS

#Path-traversal
#backtracking
#directory-climbing
#Directory-traversal
#IS-OIL-PRA-REP-TAX-and-IS-OIL-PRA-REP-ROY.