Описание
SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Permissions Required
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.
Уязвимость платформы автоматизации бизнес-процессов SAP Business Process Automation, связанная с некорректной обработкой адресных данных, позволяющая нарушителю просмотреть произвольные файлы на сервере
EPSS
4.3 Medium
CVSS3
4 Medium
CVSS2