← Back to CVEs
CVE-2023-49058
LOW3.5
Description
SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.
CVE Details
CVSS v3.1 Score3.5
SeverityLOW
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
Published12/12/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
sap:master_data_governance
Weaknesses (CWE)
CWE-22
References
https://me.sap.com/notes/3363690(cna@sap.com)
https://me.sap.com/notes/3363690(af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.