History: Dec 12, 2023 - 1:15 a.m.

CVE-2023-49058

2023-12-12 01:15:12
CWE-22
sap
web.nvd.nist.gov
Tags: sap, master data governance, file upload, cve-2023-49058, vulnerability, security, nvd

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 5.2
Confidence: High

EPSS: 0.001
Percentile: 18.2%

The SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, so characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact on confidentiality.

Affected configurations

Nvd

Node (sap master_data_governance, version match):
731 OR 732 OR 746 OR 747 OR 748 OR 749 OR 751 OR 752 OR 800 OR 801 OR 802 OR 803 OR 804 OR 805 OR 806 OR 807 OR 808

Vendor  Product                 Version  CPE
sap     master_data_governance  731      cpe:2.3:a:sap:master_data_governance:731:*:*:*:*:*:*:*
sap     master_data_governance  732      cpe:2.3:a:sap:master_data_governance:732:*:*:*:*:*:*:*
sap     master_data_governance  746      cpe:2.3:a:sap:master_data_governance:746:*:*:*:*:*:*:*
sap     master_data_governance  747      cpe:2.3:a:sap:master_data_governance:747:*:*:*:*:*:*:*
sap     master_data_governance  748      cpe:2.3:a:sap:master_data_governance:748:*:*:*:*:*:*:*
sap     master_data_governance  749      cpe:2.3:a:sap:master_data_governance:749:*:*:*:*:*:*:*
sap     master_data_governance  751      cpe:2.3:a:sap:master_data_governance:751:*:*:*:*:*:*:*
sap     master_data_governance  752      cpe:2.3:a:sap:master_data_governance:752:*:*:*:*:*:*:*
sap     master_data_governance  800      cpe:2.3:a:sap:master_data_governance:800:*:*:*:*:*:*:*
sap     master_data_governance  801      cpe:2.3:a:sap:master_data_governance:801:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Master Data Governance",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "MDG_FND 731"
      },
      {
        "status": "affected",
        "version": "MDG_FND 732"
      },
      {
        "status": "affected",
        "version": "MDG_FND 746"
      },
      {
        "status": "affected",
        "version": "MDG_FND 747"
      },
      {
        "status": "affected",
        "version": "MDG_FND 748"
      },
      {
        "status": "affected",
        "version": "MDG_FND 749"
      },
      {
        "status": "affected",
        "version": "MDG_FND 752"
      },
      {
        "status": "affected",
        "version": "MDG_FND 800"
      },
      {
        "status": "affected",
        "version": "MDG_FND 802"
      },
      {
        "status": "affected",
        "version": "MDG_FND 803"
      },
      {
        "status": "affected",
        "version": "MDG_FND 804"
      },
      {
        "status": "affected",
        "version": "MDG_FND 805"
      },
      {
        "status": "affected",
        "version": "MDG_FND 806"
      },
      {
        "status": "affected",
        "version": "MDG_FND 807"
      },
      {
        "status": "affected",
        "version": "MDG_FND 808"
      },
      {
        "status": "affected",
        "version": "SAP_BS_FND 702"
      }
    ]
  }
]
