CVE-2023-49058
Directory Traversal vulnerability in SAP Master Data Governance
Severity Score: 5.3 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The SAP Master Data Governance File Upload application insufficiently validates path information provided by users, so characters representing ‘traverse to parent directory’ are passed through to the file APIs, which an attacker can exploit. As a result, there is a low impact on confidentiality.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-20 CVE Reserved
- 2023-12-12 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-12-14 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sap | Master Data Governance | 731 | - | Affected |
Sap | Master Data Governance | 732 | - | Affected |
Sap | Master Data Governance | 746 | - | Affected |
Sap | Master Data Governance | 747 | - | Affected |
Sap | Master Data Governance | 748 | - | Affected |
Sap | Master Data Governance | 749 | - | Affected |
Sap | Master Data Governance | 751 | - | Affected |
Sap | Master Data Governance | 752 | - | Affected |
Sap | Master Data Governance | 800 | - | Affected |
Sap | Master Data Governance | 801 | - | Affected |
Sap | Master Data Governance | 802 | - | Affected |
Sap | Master Data Governance | 803 | - | Affected |
Sap | Master Data Governance | 804 | - | Affected |
Sap | Master Data Governance | 805 | - | Affected |
Sap | Master Data Governance | 806 | - | Affected |
Sap | Master Data Governance | 807 | - | Affected |
Sap | Master Data Governance | 808 | - | Affected |