CVE-2023-49058

{"id": "CVE-2023-49058", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-12-12T01:15:12.840", "references": [{"url": "https://me.sap.com/notes/3363690", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "SAP Master Data Governance File Upload application\u00a0allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \u2018traverse to parent directory\u2019 are passed through to the file\u00a0APIs. As a result, it has a low impact to the\u00a0confidentiality.\n\n"}, {"lang": "es", "value": "La aplicaci\u00f3n SAP Master Data Governance File Upload permite a un atacante aprovechar la validaci\u00f3n insuficiente de la informaci\u00f3n de ruta proporcionada por los usuarios, por lo que los caracteres que representan \"viajar al directorio principal\" se pasan a las API del archivo. Como resultado, tiene un bajo impacto en la confidencialidad."}], "lastModified": "2023-12-14T18:56:27.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:master_data_governance:731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21F2D97C-922D-420D-8B1C-689D2C20FEB3"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:732:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD747826-9538-4A22-AFA8-BB5CFBDE6BF3"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:746:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD6CBD8D-BC8E-496A-A17C-0E2413D02FC3"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:747:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DF73CAE-700A-4663-BC79-CAB6CCE936F3"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:748:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E09AA46-4347-4B6C-8BE1-B943B19ECB5F"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:749:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4222EE28-3865-4943-8F7A-2A656293FEAE"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:751:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17AD00E5-3EED-433C-8341-EF3535C0A316"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:752:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "725B3570-302B-4B4E-93BD-4A99488D1B2D"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "325FE86D-E0E6-46B3-8BBB-ED93A34E17C3"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:801:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B86D04DD-5013-4769-9E62-32A1C4A7F9A4"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:802:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7895D7F0-A62E-469B-8FE6-7967D74AE202"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:803:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F5AB22A-7906-40EE-A613-09C43B1B4D63"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:804:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1833975C-797D-45E1-984D-E1900553FFBA"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:805:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02340ACE-A07B-40FC-B253-17A64F4D8328"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:806:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6CD28E7-6576-470F-8421-CEA4E2B89D18"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:807:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36F5BCA7-C447-425B-A828-D59FCDEBA136"}, {"criteria": "cpe:2.3:a:sap:master_data_governance:808:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93C11998-6A74-44E0-8CCF-4A48B71AF3C7"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}