SAP Cloud Connector is used to establish a secure connection between a computer and the SAP Cloud Platform. SAP Cloud Connector version 2.0 is vulnerable to a path traversal vulnerability that arises from allowing zip files to be uploaded as backups. Such backup files can be spoofed to inject special elements, such as ‘…’ and the ‘/’ separator, which can be exploited by an attacker to inject code to access files or directories via path traversal.
CPE | Name | Operator | Version |
---|---|---|---|
sap cloud connector | eq | 2.0 |