PT-2019-1771 · Sap · Sap Businessobjects

Publicado

2019-02-12

Atualizado

2019-02-20

CVE-2019-0259

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects versions 4.2 and 4.3

Description The issue is related to the lack of proper file format validation, allowing an attacker to upload any file, including script files. This can potentially lead to the execution of arbitrary code by a remote attacker. The vulnerability is associated with unlimited file upload of dangerous types.

Recommendations For SAP BusinessObjects versions 4.2 and 4.3, consider restricting file uploads to only necessary and validated formats to minimize the risk of exploitation. As a temporary workaround, consider disabling the file upload feature in the Visual Difference component until a patch is available.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

BDU:2019-01415

CVE-2019-0259

Produtos afetados

Sap Businessobjects

PT-2019-1771 · Sap · Sap Businessobjects

CVE-2019-0259

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6