CVE-2023-49058

LOW

SAP Master Data Governance File Upload - Path Traversal

Title source: llm

Description

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3363690

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 3.5

EPSS 0.0011

EPSS Percentile 29.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Details

CWE

CWE-22

Status published

Products (17)

sap/master_data_governance 731

sap/master_data_governance 732

sap/master_data_governance 746

sap/master_data_governance 747

sap/master_data_governance 748

sap/master_data_governance 749

sap/master_data_governance 751

sap/master_data_governance 752

sap/master_data_governance 800

sap/master_data_governance 801

... and 7 more

Published Dec 12, 2023

Tracked Since Feb 18, 2026