SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application.
SAP Print Service (SAPSprint) does not perform sufficient validation of paths supplied by the user (CWE-35 — path traversal). An attacker without any credentials can use appropriately crafted path sequences (e.g., '../') to exit the allowed working directory, reach parent directories, and overwrite any system files accessible in the context of the service process.
An attacker can overwrite critical system files, leading to loss of data integrity and confidentiality, and potentially causing complete unavailability of the application or operating system. The attack is possible remotely and without authentication.
Patches available from the vendor must be applied in accordance with the references — SAP Security Note 3630595 published as part of SAP Security Patch Day. Details available at: https://me.sap.com/notes/3630595
SAP Print Service (SAPSprint) — versions indicated in the vendor references (SAP Security Note 3630595)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H