Vendor: Business Connector
By: SecurityFocus
CVSS: 7.5 (HIGH)
File Access/Deletion
CWE: 264
Product Name: Business Connector
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

SAP Business Connector File Access/Deletion Vulnerability

SAP Business Connector is prone to a file-access/deletion vulnerability caused by an access-validation error. A successful attack discloses sensitive or privileged information, and an attacker may also delete arbitrary files. Because the package is often run with elevated privileges so that it can bind to TCP ports lower than 1024, these file operations often occur with superuser privileges.

Mitigation:

Ensure that the SAP Business Connector is running with the least privileges necessary. Additionally, ensure that the application is running the latest version available.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16668/info
 
SAP Business Connector is prone to a file-access/deletion vulnerability. This issue arises due to an access-validation error.
 
A successful attack will result in the disclosure of sensitive or privileged information. An attacker may also delete arbitrary files. This often occurs with superuser privileges, since the package is often run with elevated privileges to gain access to TCP ports lower than 1024.

http://www.example.com/sapbc/invoke/sap.monitor.rfcTrace/deleteSingle?fullName=<path_to_file>
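
Detection example (added here, not part of the original advisory or of any SAP tooling): a scan of web access logs for requests to the service path shown in the URL above. It assumes Common/Combined Log Format; the sample log lines, IP addresses and file names are constructed, and the "path_like" flag is a triage heuristic, not a rule from the advisory.

```python
import re
from urllib.parse import parse_qsl, unquote

# Service path from the advisory's example URL, lower-cased for matching.
SERVICE = "/sapbc/invoke/sap.monitor.rfctrace/deletesingle"
# Assumption: access logs use Common/Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def find_delete_single(lines):
    """Return one finding per logged request to the deleteSingle service."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        raw_path, _, query = m["target"].partition("?")
        # Decode %xx, collapse repeated slashes and ignore case so that
        # re-encoded requests are still caught (deliberately over-matches).
        path = re.sub(r"/+", "/", unquote(raw_path)).lower().rstrip("/")
        if not path.endswith(SERVICE):
            continue
        params = {k.lower(): v
                  for k, v in parse_qsl(query, keep_blank_values=True)}
        name = params.get("fullname")  # None when not in the query string
        findings.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]), "full_name": name,
            # Heuristic: path separators or ".." mean the value is more
            # than a plain file name; review these findings first.
            "path_like": bool(name) and bool(re.search(r"[/\\]|\.\.", name)),
        })
    return findings

# Constructed sample lines (documentation IP range, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /sapbc/invoke/sap.monitor.rfcTrace/deleteSingle?fullName=%2Ftmp%2Fconstructed.txt HTTP/1.1" 200 512',
    '192.0.2.11 - admin [01/Jan/2024:10:02:00 +0000] "GET /sapbc/invoke/sap.monitor.rfcTrace/deleteSingle?fullName=rfc0001.trc HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:03:00 +0000] "POST /sapbc/invoke/sap.monitor.rfcTrace/deleteSingle HTTP/1.1" 403 0',
    '192.0.2.13 - - [01/Jan/2024:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in find_delete_single(SAMPLE_LOG):
        print(finding)
```

A request that carries the parameter in a POST body is still reported, with "full_name" set to None, because the body is not present in an access log.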