ID
VAR-201608-0527
TITLE
SAP NetWeaver AS ABAP Directory Traversal Vulnerability
Trust: 0.3
sources:
BID: 92421
DESCRIPTION
SAP NetWeaver AS ABAP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. This may aid in further attacks.
Trust: 0.3
sources:
BID: 92421
AFFECTED PRODUCTS
| vendor: | sap | model: | netweaver as abap | scope: | eq | version: | 7.4 | Trust: 0.3 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.4 | Trust: 0.3 |
sources:
BID: 92421
THREAT TYPE
network
Trust: 0.3
sources:
BID: 92421
TYPE
Input Validation Error
Trust: 0.3
sources:
BID: 92421
EXTERNAL IDS
| db: | BID | id: | 92421 | Trust: 0.3 |
sources:
BID: 92421
REFERENCES
| url: | http://www.sap.com | Trust: 0.3 |
| url: | https://erpscan.com/advisories/erpscan-16-031-sap-netweaver-abap-directory-traversal-via-using-read-dataset/ | Trust: 0.3 |
| url: | https://service.sap.com/sap/support/notes/2312966 | Trust: 0.3 |
sources:
BID: 92421
CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
BID: 92421
SOURCES
| db: | BID | id: | 92421 |
LAST UPDATE DATE
2022-05-17T01:45:18.326000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 92421 | date: | 2016-08-10T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 92421 | date: | 2016-08-10T00:00:00 |