3 matches found
CVE-2017-16691
SAP Note Assistant tool SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52 supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible...
CVE-2017-16691
SAP Note Assistant tool SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52 supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible...
CVE-2017-16691
Summary (CVE-2017-16691) : A vulnerability in SAP Note Assistant (part of SAP BASIS releases 7.00–7.02, 7.10–7.11, 7.30, 7.31, 7.40, 7.50–7.52) arises from insecure signature validation of SAP Notes archives. During SAR handling, signature verification is coupled with extraction via SAPCAR, which...