Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAP NetWeaver多个目录遍历漏洞
Vulnerability Description
SAP NetWeaver 7.0版本中存在多个目录遍历漏洞。远程认证用户可利用漏洞借助Internet Sales (crm.b2b)组件中的(1)b2b/admin/log.jsp 或(2)b2b/admin/log_view.jsp或者Application Administration (com.sap.ipc.webapp.ipc) 组件中的(3)ipc/admin/log.jsp 或(4)ipc/admin/log_view.jsp中的logfilename参数中的.. (点 点) ,读取任意
CVSS Information
N/A
Vulnerability Type
N/A