SAP Business Connector Path Traversal Vulnerability Allowing Arbitrary File Manipulation and Command Execution
Vulnerability
A path traversal vulnerability has been identified in SAP Business Connector. This issue allows an authenticated administrator with adjacent access to read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation of this vulnerability could enable the attacker to execute arbitrary operating system commands on the server, leading to a complete compromise of the system's confidentiality, integrity, and availability.
Impact
Exploitation of this vulnerability could result in unauthorized file manipulation and execution of arbitrary commands on the server, causing a full compromise of the affected system.
Remediation
Users are advised to consult the SAP Security Notes for guidance on applying necessary patches. SAP Security Notes can be accessed through the SAP for Me platform, specifically on the SAP Security Patch Day.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.