admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-490xx/CVE-2023-49058.json
cad-safe-bot d16e351b94 Auto-Update: 2023-12-14T19:00:25.136410+00:00
2023-12-14 19:00:28 +00:00

186 lines
6.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-49058",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T01:15:12.840",
"lastModified": "2023-12-14T18:56:27.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SAP Master Data Governance File Upload application\u00a0allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \u2018traverse to parent directory\u2019 are passed through to the file\u00a0APIs. As a result, it has a low impact to the\u00a0confidentiality.\n\n"
},
{
"lang": "es",
"value": "La aplicaci\u00f3n SAP Master Data Governance File Upload permite a un atacante aprovechar la validaci\u00f3n insuficiente de la informaci\u00f3n de ruta proporcionada por los usuarios, por lo que los caracteres que representan \"viajar al directorio principal\" se pasan a las API del archivo. Como resultado, tiene un bajo impacto en la confidencialidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:731:*:*:*:*:*:*:*",
"matchCriteriaId": "21F2D97C-922D-420D-8B1C-689D2C20FEB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:732:*:*:*:*:*:*:*",
"matchCriteriaId": "FD747826-9538-4A22-AFA8-BB5CFBDE6BF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:746:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6CBD8D-BC8E-496A-A17C-0E2413D02FC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:747:*:*:*:*:*:*:*",
"matchCriteriaId": "3DF73CAE-700A-4663-BC79-CAB6CCE936F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:748:*:*:*:*:*:*:*",
"matchCriteriaId": "4E09AA46-4347-4B6C-8BE1-B943B19ECB5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:749:*:*:*:*:*:*:*",
"matchCriteriaId": "4222EE28-3865-4943-8F7A-2A656293FEAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:751:*:*:*:*:*:*:*",
"matchCriteriaId": "17AD00E5-3EED-433C-8341-EF3535C0A316"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:752:*:*:*:*:*:*:*",
"matchCriteriaId": "725B3570-302B-4B4E-93BD-4A99488D1B2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:800:*:*:*:*:*:*:*",
"matchCriteriaId": "325FE86D-E0E6-46B3-8BBB-ED93A34E17C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:801:*:*:*:*:*:*:*",
"matchCriteriaId": "B86D04DD-5013-4769-9E62-32A1C4A7F9A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:802:*:*:*:*:*:*:*",
"matchCriteriaId": "7895D7F0-A62E-469B-8FE6-7967D74AE202"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:803:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5AB22A-7906-40EE-A613-09C43B1B4D63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:804:*:*:*:*:*:*:*",
"matchCriteriaId": "1833975C-797D-45E1-984D-E1900553FFBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:805:*:*:*:*:*:*:*",
"matchCriteriaId": "02340ACE-A07B-40FC-B253-17A64F4D8328"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:806:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CD28E7-6576-470F-8421-CEA4E2B89D18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:807:*:*:*:*:*:*:*",
"matchCriteriaId": "36F5BCA7-C447-425B-A828-D59FCDEBA136"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:master_data_governance:808:*:*:*:*:*:*:*",
"matchCriteriaId": "93C11998-6A74-44E0-8CCF-4A48B71AF3C7"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3363690",
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink