Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Protecting directory traversal, SAP security note 1267536

Description

Attacker can travel to the server directory with “..” in the file name parameter of a URL.

Available fix and Supported packages

  • CPM_BPC | 510 | 510
  • SAP CPM BPC 5.1 | SP004 | 000000

Affected component

    EPM-BPC-MS
    Microsoft Version

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1267536

TAGS

#BPC-5.1-SP4-Microsoft
#File-name-parameter
#IM2733239

More to explorer