CNVD-2023-99631 — Vulnetix

CNVD-2023-99631 PUBLISHED CVSS 3.5 LOW

SAP Master Data Governance是德国思爱普（SAP）公司的一套用于维护、验证和分发主数据的数据管理工具。 SAP Master Data Governance存在路径遍历漏洞，该漏洞源于File Upload功能对用户提供的路径信息验证不足，攻击者可利用该漏洞通过特别设计的web请求从底层文件系统中检索任意文件。

Risk Scores

CVSS v3.1

3.5

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
SAP_SE	SAP Master Data Governance	MDG_FND 731, MDG_FND 732, MDG_FND 746

Timeline

Dec 12, 2023 CVE Published
Dec 14, 2023 CVE ID Reserved
Jan 1, 2024 PoC Published

References

https://me.sap.com/notes/3363690 url
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html url

Open in Interactive Console →