SAP Knowledge Base Article - Preview

3405370 - Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC) hosted on the WACS

Symptom

  • Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC) hosted on the WACS
  • SAP BusinessObjects Business Intelligence Platform (CMC) allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application.


Read more...

Environment

  • SAP BusinessObjects Business Intelligence 4.2, 4.3
  • Windows server
  • WACS

Keywords

upload.file.allowed.formats, global.properties, upload.file.allowed.formats parameter on WACS , KBA , BI-BIP-ADM , BI Servers, security, Crystal Reports in Launchpad , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.