CVE-2023-49058

Summary

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Master Data GovernanceMDG_FND 731affected
SAP_SESAP Master Data GovernanceMDG_FND 732affected
SAP_SESAP Master Data GovernanceMDG_FND 746affected
SAP_SESAP Master Data GovernanceMDG_FND 747affected
SAP_SESAP Master Data GovernanceMDG_FND 748affected
SAP_SESAP Master Data GovernanceMDG_FND 749affected
SAP_SESAP Master Data GovernanceMDG_FND 752affected
SAP_SESAP Master Data GovernanceMDG_FND 800affected
SAP_SESAP Master Data GovernanceMDG_FND 802affected
SAP_SESAP Master Data GovernanceMDG_FND 803affected
SAP_SESAP Master Data GovernanceMDG_FND 804affected
SAP_SESAP Master Data GovernanceMDG_FND 805affected
SAP_SESAP Master Data GovernanceMDG_FND 806affected
SAP_SESAP Master Data GovernanceMDG_FND 807affected
SAP_SESAP Master Data GovernanceMDG_FND 808affected
SAP_SESAP Master Data GovernanceSAP_BS_FND 702affected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal)

ADP Enrichment

CVE Program Container

Additional References

References