Описание
SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.
Ссылки
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:master_data_governance:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:732:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:746:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:747:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:748:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:749:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:800:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:801:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:802:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:803:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:804:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:805:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:806:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:807:*:*:*:*:*:*:*
cpe:2.3:a:sap:master_data_governance:808:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00113
Низкий
3.5 Low
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 3.5
github
около 2 лет назад
SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.
EPSS
Процентиль: 30%
0.00113
Низкий
3.5 Low
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-22