SAP NetWeaver DI Arbitrary File Upload Vulnerability
BID:58486
Info
| Bugtraq ID: | 58486 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-6820 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 20 2013 12:00AM |
| Updated: | Nov 21 2013 12:27AM |
| Credit: | Dmitry Chastukhin of ERPScan |
| Vulnerable: | SAP NetWeaver 7.30, SAP NetWeaver 7.10, SAP NetWeaver 7.02, SAP NetWeaver 7.01, SAP NetWeaver 7.0 SP8, SAP NetWeaver 7.0 SP15, SAP NetWeaver 7.0 EHP2, SAP NetWeaver 7.0 EHP1, SAP NetWeaver 7.0 |
| Not Vulnerable: | |
Discussion
SAP NetWeaver is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
Exploit / POC
Attackers can exploit this issue through a browser.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.