SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows a malicious user to exploit insufficient validation of path information provided by users, so that characters representing "traverse to parent directory" are passed through to the file APIs.
Vulnerable Product |
---|
sap customer relationship management 7.33 |
sap customer relationship management 7.01 |
sap customer relationship management 7.02 |
sap customer relationship management 7.30 |
sap customer relationship management 7.31 |
sap customer relationship management 7.54 |
So please don't delay in applying updates, says, well, everyone
SAP and security analysts Onapsis say cyber-criminals are pretty quick to analyze the enterprise software outfit's patches and develop exploits to get into vulnerable systems. In a joint report issued by the two organizations, Mariano Nunez, CEO of Onapsis, cited "conclusive evidence that cyberattackers are actively targeting and exploiting unsecured SAP applications," and warned time was of the essence, reporting "SAP vulnerabilities being weaponized in less than 72 hours since the release of p...