N/A

SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.

N/A

N/A

SAP Netweaver 路径遍历漏洞

SAP Netweaver是德国思爱普（SAP）公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。 SAP NetWeaver (Knowledge Management)中存在路径遍历漏洞，该漏洞源于程序没有充分验证用户提供的路径信息。攻击者可利用该漏洞覆盖、删除或破坏远程服务器上的任意文件。以下产品及版本受到影响：SAP NetWeaver (Knowledge Management) KMC-CM - 7.00版本，7.01版本，7.02版本，7.30版本，7.31版

N/A

N/A