Primary

Context

SAPCAR Memory Corruption Vulnerability Allowing Arbitrary File Extraction and Overwrite

Vulnerability

A memory corruption vulnerability has been identified in SAPCAR, which allows an attacker to create malicious SAPCAR archives. When a high-privileged user extracts these archives, SAPCAR processes them in a way that causes out-of-bounds memory read and write operations. This could result in unauthorized file extraction and overwriting of files outside the designated directories. The vulnerability has a low impact on the application's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to arbitrary file extraction and overwriting of files outside the intended directories.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, where all security notes are available. For guidance on accessing and applying SAP Security Notes, refer to the SAP Security Notes FAQ.

Added: Jul 8, 2025, 1:37 AM

Updated: Jul 8, 2025, 1:37 AM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

0.8

exploitability

4.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

0.8

exploitability

4.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAPCAR Memory Corruption Vulnerability Allowing Arbitrary File Extraction and Overwrite

Vulnerability

Impact

Remediation

Affected Products

SAPCAR

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating