CVE-2023-49058 Information

Description

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result it has a low impact to the confidentiality.

Reference

https://me.sap.com/notes/3363690 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html