CVE-2023-49058: Directory Traversal vulnerability in SAP Master Data Governance

First published: Tue Dec 12 2023(Updated: )

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.

Credit: cna@sap.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/mitre-cve
• collector/nvd-api
• agent/weakness
• agent/references
• agent/title
• agent/severity
• agent/author
• agent/tags
• agent/type
• agent/description
• agent/event
• agent/first-publish-date
• agent/softwarecombine
• agent/last-modified-date
• vendor/sap
• canonical/sap master data governance
• version/sap master data governance/731
• version/sap master data governance/732
• version/sap master data governance/746
• version/sap master data governance/747
• version/sap master data governance/748
• version/sap master data governance/749
• version/sap master data governance/751
• version/sap master data governance/752
• version/sap master data governance/800
• version/sap master data governance/801
• version/sap master data governance/802
• version/sap master data governance/803
• version/sap master data governance/804
• version/sap master data governance/805
• version/sap master data governance/806
• version/sap master data governance/807
• version/sap master data governance/808