SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NSap Netweaver
APPSap7.107.117.207.307.317.407.50
Powiązane podatności
SAP NetWeaver Visual Composer — niebezpieczna deserializacja treści
SAP NetWeaver: nieautoryzowany upload plików wykonywalnych w Visual Composer
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker aut...
Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an ...
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() ...