漏洞类别:Local
漏洞等级: 
漏洞信息
SAP NetWeaver is an integrated technology computing platform and is the technical foundation for many SAP applications since the SAP Business Suite. It provides the development and runtime environment for SAP applications and can be used for custom development and integration with other applications and systems.
The vulnerability exists because of insufficient sanitization of user supplied input received as a file name by the affected software.
Affected Software:
SAP NetWeaver 7.x
漏洞危害
An unauthenticated, remote attacker could exploit this vulnerability by transmitting specially-crafted URL requests containing "dot dot" sequences to read arbitrary files on the targeted system.
解决方案
Registered customers are advised to refer to SAP Security Note 1779578 for patch, upgrade or suggested workaround information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论