SAP HANA CVE-2018-1002204 Directory Traversal Vulnerability
BID:107001
CVE-2018-1002204 |Info
SAP HANA CVE-2018-1002204 Directory Traversal Vulnerability
| Bugtraq ID: | 107001 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-1002204 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 12 2019 12:00AM |
| Updated: | Feb 12 2019 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
SAP HANA 1.00 |
| Not Vulnerable: | |
Discussion
SAP HANA CVE-2018-1002204 Directory Traversal Vulnerability
SAP HANA is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. This may aid in further attacks.
SAP Enterprise Architecture Designer for SAP HANA version 1.0 is vulnerable.
SAP HANA is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. This may aid in further attacks.
SAP Enterprise Architecture Designer for SAP HANA version 1.0 is vulnerable.
Exploit / POC
SAP HANA CVE-2018-1002204 Directory Traversal Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
SAP HANA CVE-2018-1002204 Directory Traversal Vulnerability
References:
References:
- SAP Homepage (SAP)
- SAP Security Note 2709897 (SAP)
- SAP Security Patch Day �?? February 2019 (SAP)