SAP SAPCAR Directory Traversal Vulnerability Allowing Arbitrary File Overwrite

Vulnerability

A directory traversal vulnerability has been identified in SAPCAR, affecting the way file paths are sanitized during the extraction of SAPCAR archives. This flaw allows an attacker to create a malicious archive containing directory traversal sequences. When a high-privileged user extracts this archive, SAPCAR writes files outside the intended directory, potentially overwriting files in arbitrary locations. This vulnerability poses a significant risk to the integrity and availability of the application.
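The containment check that the description above implies, as an added Python example (not code from this advisory or from SAP): it takes entry names that have already been listed from an archive and reports which ones would resolve outside the extraction directory. It goes beyond plain `..` sequences to cover absolute and Windows-style names; the destination `/srv/extract` and all entry names are constructed.

```python
import posixpath
import re

_DRIVE = re.compile(r"^[A-Za-z]:")  # Windows drive prefix, e.g. "C:"

def resolve_entry(dest_dir, entry_name):
    """Return the path an entry would be written to under dest_dir, or None
    if the name would land outside it. Lexical check only: symlinks already
    present under dest_dir are not followed."""
    if not dest_dir.startswith("/"):
        raise ValueError("dest_dir must be an absolute POSIX path")
    name = entry_name.replace("\\", "/")  # treat backslash as a separator too
    if not name or "\x00" in name:
        return None
    if name.startswith("/") or _DRIVE.match(name):
        return None  # absolute names ignore the destination entirely
    dest = posixpath.normpath(dest_dir)
    target = posixpath.normpath(posixpath.join(dest, name))
    # Compare against dest plus a separator so that a sibling such as
    # /srv/extract-old does not pass as being inside /srv/extract.
    if not target.startswith(dest.rstrip("/") + "/"):
        return None
    return target

def audit_entries(dest_dir, entry_names):
    """Split entry names into (safe, rejected) lists, preserving order."""
    safe, rejected = [], []
    for name in entry_names:
        (rejected if resolve_entry(dest_dir, name) is None else safe).append(name)
    return safe, rejected

# Constructed entry names, not taken from any real archive.
SAMPLE_ENTRIES = [
    "patch/bin/tool",            # ordinary relative entry
    "patch/./docs/../README",    # contains ".." but stays inside
    "../../outside/a.txt",       # climbs above the destination
    "patch/../../outside.txt",   # descends first, then climbs out
    "../extract-old/b.txt",      # sibling directory sharing the prefix
    "/abs/file.txt",             # absolute POSIX name
    "..\\..\\up\\file.ini",      # traversal written with backslashes
    "C:\\temp\\file.dll",        # drive-qualified name
]

if __name__ == "__main__":
    safe, rejected = audit_entries("/srv/extract", SAMPLE_ENTRIES)
    print("safe:", safe)
    print("rejected:", rejected)
```

Running the check before a privileged extraction, and refusing the archive if anything is rejected, limits exposure until the Security Note is applied.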

Impact

Exploitation of this vulnerability could lead to unauthorized file overwrites, causing potential disruption or corruption of application data.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. The note is made available through SAP Security Patch Day, which occurs on the second Tuesday of each month.

Added: Jul 8, 2025, 1:38 AM
Updated: Jul 8, 2025, 1:38 AM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 5.0
exploitability: 4.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.