[ERPSCAN-16-025] SAP Business Object Data Services – directory traversal

Application: SAP Data Services 4.2
Vendor URL: SAP
Bug: Directory Traversal
Reported: 01.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 14.06.2016
Reference: SAP Security Note 2300346
Author: Nursultan Abubakirov (ERPScan)

VULNERABILITY INFORMATION

Class: directory traversal
Impact: attacker could read arbitrary files on the remote server
Remotely Exploitable: Yes
Locally Exploitable: No

CVSS Information

CVSS Base Score v3: 2.7 / 10
CVSS Base Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) High (H)
UI: User Interaction (Required user participation) None (N)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C: Impact to Confidentiality Low (L)
I: Impact to Integrity None (N)
A: Impact to Availability None (N)

Description

An authenticated attacker with high privileges (PR:H above) can abuse an SAP BusinessObjects function to read arbitrary files from the server's filesystem.

Business risk

An attacker can use directory traversal to access arbitrary files and directories on the SAP server's filesystem, including application source code, configuration files and system files. This allows the attacker to obtain critical technical and business-related information stored on the vulnerable SAP system.
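The bug class above, as an added example (not ERPScan's proof of concept and not SAP's code): a naive path join that lets `../` sequences escape the document root, beside a hardened resolver that decodes, normalises and then checks containment, plus a check that flags encoded traversal sequences in request lines. The document root, the request lines and all function names are constructed for illustration; the advisory does not disclose the affected SAP endpoint or parameter.

```python
import posixpath
import urllib.parse
from typing import List, Optional

# Hypothetical document root; the real SAP path is not given in the advisory.
DOC_ROOT = "/opt/sap/bods/reports"

# Constructed request lines, the kind a web server access log would show.
SAMPLE_REQUESTS = [
    "GET /reports/summary.pdf HTTP/1.1",
    "GET /reports/..%2f..%2f..%2fetc%2fpasswd HTTP/1.1",
    "GET /reports/%252e%252e/%252e%252e/etc/passwd HTTP/1.1",
    "GET /reports/..\\..\\windows\\win.ini HTTP/1.1",
]


def _decode(raw: str) -> str:
    """Undo single and double URL-encoding and unify path separators."""
    decoded = raw
    for _ in range(2):  # %2e%2e and %252e%252e both end up as ".."
        decoded = urllib.parse.unquote(decoded)
    return decoded.replace("\\", "/")


def vulnerable_resolve(doc_root: str, requested: str) -> str:
    """Traversal pattern: join user input to the root and trust the result."""
    return posixpath.normpath(posixpath.join(doc_root, _decode(requested)))


def safe_resolve(doc_root: str, requested: str) -> Optional[str]:
    """Return the absolute path inside doc_root, or None if it escapes.

    Containment is tested with commonpath, not startswith: a prefix test
    would accept '/root_backup/...' as being inside '/root'.
    """
    decoded = _decode(requested)
    if "\x00" in decoded:  # NUL truncation tricks in C-based servers
        return None
    root = posixpath.normpath(doc_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


def is_traversal_attempt(raw_path: str) -> bool:
    """True if any decoded path segment is '..'."""
    return ".." in _decode(raw_path).split("/")


def flag_traversal(request_lines: List[str]) -> List[str]:
    """Return the request paths that contain traversal sequences."""
    hits = []
    for line in request_lines:
        parts = line.split(" ")
        if len(parts) < 2:
            continue
        if is_traversal_attempt(parts[1]):
            hits.append(parts[1])
    return hits


if __name__ == "__main__":
    payload = "..%2f..%2f..%2f..%2fetc%2fpasswd"
    print("naive   :", vulnerable_resolve(DOC_ROOT, payload))
    print("hardened:", safe_resolve(DOC_ROOT, payload))
    print("flagged :", flag_traversal(SAMPLE_REQUESTS))
```

The naive resolver turns the encoded payload into `/etc/passwd`; the hardened one rejects it, and the log check catches the single-encoded, double-encoded and backslash variants while leaving the legitimate request alone.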

VULNERABLE PACKAGES

SAP Data Services 4.2
Other versions are probably affected too, but they were not checked.

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2300346.

TECHNICAL DESCRIPTION

Proof of Concept

GET