CVE-2023-49058

Published Dec 12, 2023

Last updated a year ago

CVSS medium 5.3

Overview

Description: SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:731:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21F2D97C-922D-420D-8B1C-689D2C20FEB3"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:732:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD747826-9538-4A22-AFA8-BB5CFBDE6BF3"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:746:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD6CBD8D-BC8E-496A-A17C-0E2413D02FC3"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:747:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DF73CAE-700A-4663-BC79-CAB6CCE936F3"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:748:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E09AA46-4347-4B6C-8BE1-B943B19ECB5F"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:749:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4222EE28-3865-4943-8F7A-2A656293FEAE"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:751:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17AD00E5-3EED-433C-8341-EF3535C0A316"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:752:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "725B3570-302B-4B4E-93BD-4A99488D1B2D"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "325FE86D-E0E6-46B3-8BBB-ED93A34E17C3"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:801:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B86D04DD-5013-4769-9E62-32A1C4A7F9A4"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:802:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7895D7F0-A62E-469B-8FE6-7967D74AE202"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:803:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F5AB22A-7906-40EE-A613-09C43B1B4D63"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:804:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1833975C-797D-45E1-984D-E1900553FFBA"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:805:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02340ACE-A07B-40FC-B253-17A64F4D8328"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:806:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6CD28E7-6576-470F-8421-CEA4E2B89D18"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:807:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36F5BCA7-C447-425B-A828-D59FCDEBA136"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:808:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93C11998-6A74-44E0-8CCF-4A48B71AF3C7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References