Описание
SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.
Ссылки
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:saf-t_framework:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:602:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:603:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:604:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:605:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:606:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:618:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:720:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:730:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:s4core_102:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:sap_appl_600:*:*:*:*:*:*:*
cpe:2.3:a:sap:saf-t_framework:sap_fin_617:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00467
Низкий
7.7 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
около 4 лет назад
SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.
EPSS
Процентиль: 64%
0.00467
Низкий
7.7 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22