CVE-2023-49058

Directory Traversal vulnerability in SAP Master Data Governance

CVSS 3.5 LOWEPSS 0.6%CWE-22

Vexday Risk Score

8Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 3.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 dez 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Produtos afetados

SAP_SE · SAP Master Data Governance

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://me.sap.com/notes/3363690 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html