SAP NetWeaver Visual Composer Directory Traversal Vulnerability Allowing Arbitrary File Access
Vulnerability
A directory traversal vulnerability has been identified in SAP NetWeaver Visual Composer. This issue arises from inadequate validation of input paths provided by high-privileged users, enabling attackers to read or modify arbitrary files. The vulnerability significantly impacts confidentiality and has a minor effect on integrity.
Impact
Exploitation of this vulnerability could lead to unauthorized reading or modification of files, causing a substantial breach of confidentiality.
Remediation
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where all Security Notes are available. For SAP NetWeaver based products, security fixes are also included in the support packages.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.