Lucene search

[email protected]NVD:CVE-2023-49058

HistoryDec 12, 2023 - 1:15 a.m.

CVE-2023-49058

2023-12-1201:15:12

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-49058

exploit

insufficient validation

path information

file apis

confidentiality

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

18.2%

JSON

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.

Affected configurations

Nvd

Node

sapmaster_data_governanceMatch731

sapmaster_data_governanceMatch732

sapmaster_data_governanceMatch746

sapmaster_data_governanceMatch747

sapmaster_data_governanceMatch748

sapmaster_data_governanceMatch749

sapmaster_data_governanceMatch751

sapmaster_data_governanceMatch752

sapmaster_data_governanceMatch800

sapmaster_data_governanceMatch801

sapmaster_data_governanceMatch802

sapmaster_data_governanceMatch803

sapmaster_data_governanceMatch804

sapmaster_data_governanceMatch805

sapmaster_data_governanceMatch806

sapmaster_data_governanceMatch807

sapmaster_data_governanceMatch808

VendorProductVersionCPE
sapmaster_data_governance731cpe:2.3:a:sap:master_data_governance:731:*:*:*:*:*:*:*
sapmaster_data_governance732cpe:2.3:a:sap:master_data_governance:732:*:*:*:*:*:*:*
sapmaster_data_governance746cpe:2.3:a:sap:master_data_governance:746:*:*:*:*:*:*:*
sapmaster_data_governance747cpe:2.3:a:sap:master_data_governance:747:*:*:*:*:*:*:*
sapmaster_data_governance748cpe:2.3:a:sap:master_data_governance:748:*:*:*:*:*:*:*
sapmaster_data_governance749cpe:2.3:a:sap:master_data_governance:749:*:*:*:*:*:*:*
sapmaster_data_governance751cpe:2.3:a:sap:master_data_governance:751:*:*:*:*:*:*:*
sapmaster_data_governance752cpe:2.3:a:sap:master_data_governance:752:*:*:*:*:*:*:*
sapmaster_data_governance800cpe:2.3:a:sap:master_data_governance:800:*:*:*:*:*:*:*
sapmaster_data_governance801cpe:2.3:a:sap:master_data_governance:801:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	master_data_governance	731	cpe:2.3:a:sap:master_data_governance:731:::::::*
sap	master_data_governance	732	cpe:2.3:a:sap:master_data_governance:732:::::::*
sap	master_data_governance	746	cpe:2.3:a:sap:master_data_governance:746:::::::*
sap	master_data_governance	747	cpe:2.3:a:sap:master_data_governance:747:::::::*
sap	master_data_governance	748	cpe:2.3:a:sap:master_data_governance:748:::::::*
sap	master_data_governance	749	cpe:2.3:a:sap:master_data_governance:749:::::::*
sap	master_data_governance	751	cpe:2.3:a:sap:master_data_governance:751:::::::*
sap	master_data_governance	752	cpe:2.3:a:sap:master_data_governance:752:::::::*
sap	master_data_governance	800	cpe:2.3:a:sap:master_data_governance:800:::::::*
sap	master_data_governance	801	cpe:2.3:a:sap:master_data_governance:801:::::::*

Rows per page:

1-10 of 171

References

me.sap.com/notes/3363690

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

18.2%

JSON

Related for NVD:CVE-2023-49058

cve1 cvelist1 prion1