cnvd - cnvd-2023-99631

CNVD-2023-99631

Vulnerability from cnvd - Published: 2023-12-21

Title

SAP Master Data Governance路径遍历漏洞

Description

SAP Master Data Governance是德国思爱普（SAP）公司的一套用于维护、验证和分发主数据的数据管理工具。 SAP Master Data Governance存在路径遍历漏洞，该漏洞源于File Upload功能对用户提供的路径信息验证不足，攻击者可利用该漏洞通过特别设计的web请求从底层文件系统中检索任意文件。

Severity

低

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://me.sap.com/notes/3363690

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-49058

Impacted products

Name
['SAP SAP Master Data Governance 731', 'SAP SAP Master Data Governance 732', 'SAP SAP Master Data Governance 746', 'SAP SAP Master Data Governance 747', 'SAP SAP Master Data Governance 748', 'SAP SAP Master Data Governance 749', 'SAP SAP Master Data Governance 800', 'SAP SAP Master Data Governance 751', 'SAP SAP Master Data Governance 752', 'SAP SAP Master Data Governance 801', 'SAP SAP Master Data Governance 802', 'SAP SAP Master Data Governance 803', 'SAP SAP Master Data Governance 804', 'SAP SAP Master Data Governance 805', 'SAP SAP Master Data Governance 806', 'SAP SAP Master Data Governance 807', 'SAP SAP Master Data Governance 808']

Name

['SAP SAP Master Data Governance 731', 'SAP SAP Master Data Governance 732', 'SAP SAP Master Data Governance 746', 'SAP SAP Master Data Governance 747', 'SAP SAP Master Data Governance 748', 'SAP SAP Master Data Governance 749', 'SAP SAP Master Data Governance 800', 'SAP SAP Master Data Governance 751', 'SAP SAP Master Data Governance 752', 'SAP SAP Master Data Governance 801', 'SAP SAP Master Data Governance 802', 'SAP SAP Master Data Governance 803', 'SAP SAP Master Data Governance 804', 'SAP SAP Master Data Governance 805', 'SAP SAP Master Data Governance 806', 'SAP SAP Master Data Governance 807', 'SAP SAP Master Data Governance 808']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-49058",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-49058"
    }
  },
  "description": "SAP Master Data Governance\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u7ef4\u62a4\u3001\u9a8c\u8bc1\u548c\u5206\u53d1\u4e3b\u6570\u636e\u7684\u6570\u636e\u7ba1\u7406\u5de5\u5177\u3002\n\nSAP Master Data Governance\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eFile Upload\u529f\u80fd\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u8def\u5f84\u4fe1\u606f\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u522b\u8bbe\u8ba1\u7684web\u8bf7\u6c42\u4ece\u5e95\u5c42\u6587\u4ef6\u7cfb\u7edf\u4e2d\u68c0\u7d22\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://me.sap.com/notes/3363690",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-99631",
  "openTime": "2023-12-21",
  "products": {
    "product": [
      "SAP SAP Master Data Governance 731",
      "SAP SAP Master Data Governance 732",
      "SAP SAP Master Data Governance 746",
      "SAP SAP Master Data Governance 747",
      "SAP SAP Master Data Governance 748",
      "SAP SAP Master Data Governance 749",
      "SAP SAP Master Data Governance 800",
      "SAP SAP Master Data Governance 751",
      "SAP SAP Master Data Governance 752",
      "SAP SAP Master Data Governance 801",
      "SAP SAP Master Data Governance 802",
      "SAP SAP Master Data Governance 803",
      "SAP SAP Master Data Governance 804",
      "SAP SAP Master Data Governance 805",
      "SAP SAP Master Data Governance 806",
      "SAP SAP Master Data Governance 807",
      "SAP SAP Master Data Governance 808"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-49058",
  "serverity": "\u4f4e",
  "submitTime": "2023-12-14",
  "title": "SAP Master Data Governance\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2023-49058 (GCVE-0-2023-49058)

Vulnerability from cvelistv5 – Published: 2023-12-12 01:01 – Updated: 2024-08-02 21:46

Summary

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.

Severity ?

3.5 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal)

Assigner

sap

References

URL

Tags

	https://me.sap.com/notes/3363690
	https://www.sap.com/documents/2022/02/fa865ea4-16…

Impacted products

	Vendor	Product	Version
	SAP_SE	SAP Master Data Governance	Affected: MDG_FND 731 Affected: MDG_FND 732 Affected: MDG_FND 746 Affected: MDG_FND 747 Affected: MDG_FND 748 Affected: MDG_FND 749 Affected: MDG_FND 752 Affected: MDG_FND 800 Affected: MDG_FND 802 Affected: MDG_FND 803 Affected: MDG_FND 804 Affected: MDG_FND 805 Affected: MDG_FND 806 Affected: MDG_FND 807 Affected: MDG_FND 808 Affected: SAP_BS_FND 702

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:46:29.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://me.sap.com/notes/3363690"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP Master Data Governance",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "MDG_FND 731"
            },
            {
              "status": "affected",
              "version": "MDG_FND 732"
            },
            {
              "status": "affected",
              "version": "MDG_FND 746"
            },
            {
              "status": "affected",
              "version": "MDG_FND 747"
            },
            {
              "status": "affected",
              "version": "MDG_FND 748"
            },
            {
              "status": "affected",
              "version": "MDG_FND 749"
            },
            {
              "status": "affected",
              "version": "MDG_FND 752"
            },
            {
              "status": "affected",
              "version": "MDG_FND 800"
            },
            {
              "status": "affected",
              "version": "MDG_FND 802"
            },
            {
              "status": "affected",
              "version": "MDG_FND 803"
            },
            {
              "status": "affected",
              "version": "MDG_FND 804"
            },
            {
              "status": "affected",
              "version": "MDG_FND 805"
            },
            {
              "status": "affected",
              "version": "MDG_FND 806"
            },
            {
              "status": "affected",
              "version": "MDG_FND 807"
            },
            {
              "status": "affected",
              "version": "MDG_FND 808"
            },
            {
              "status": "affected",
              "version": "SAP_BS_FND 702"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSAP Master Data Governance File Upload application\u00a0allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \u2018traverse to parent directory\u2019 are passed through to the file\u00a0APIs. As a result, it has a low impact to the\u00a0confidentiality.\u003c/p\u003e"
            }
          ],
          "value": "SAP Master Data Governance File Upload application\u00a0allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \u2018traverse to parent directory\u2019 are passed through to the file\u00a0APIs. As a result, it has a low impact to the\u00a0confidentiality.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal)",
              "lang": "eng",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-12T01:01:07.964Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://me.sap.com/notes/3363690"
        },
        {
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Directory Traversal vulnerability in SAP Master Data Governance",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2023-49058",
    "datePublished": "2023-12-12T01:01:07.964Z",
    "dateReserved": "2023-11-20T11:31:43.313Z",
    "dateUpdated": "2024-08-02T21:46:29.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-99631

CVE-2023-49058 (GCVE-0-2023-49058)

Tags

Sightings

Nomenclature