Vulnerability Details CVE-2023-49058
SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.8%
CVSS Severity
CVSS v3 Score 3.5
References
Products affected by CVE-2023-49058
-
cpe:2.3:a:sap:master_data_governance:731
-
cpe:2.3:a:sap:master_data_governance:732
-
cpe:2.3:a:sap:master_data_governance:746
-
cpe:2.3:a:sap:master_data_governance:747
-
cpe:2.3:a:sap:master_data_governance:748
-
cpe:2.3:a:sap:master_data_governance:749
-
cpe:2.3:a:sap:master_data_governance:751
-
cpe:2.3:a:sap:master_data_governance:752
-
cpe:2.3:a:sap:master_data_governance:800
-
cpe:2.3:a:sap:master_data_governance:801
-
cpe:2.3:a:sap:master_data_governance:802
-
cpe:2.3:a:sap:master_data_governance:803
-
cpe:2.3:a:sap:master_data_governance:804
-
cpe:2.3:a:sap:master_data_governance:805
-
cpe:2.3:a:sap:master_data_governance:806
-
cpe:2.3:a:sap:master_data_governance:807
-
cpe:2.3:a:sap:master_data_governance:808