SAP B2B/B2C CRM Local File Inclusion

  • A security vulnerability exists in SAP B2B/B2C CRM that allows an attacker to read arbitrary local files from the affected server. The file is affected and this vulnerability can be exploited via the GET parameter forwardPath.
  • Upgrade SAP B2B/B2C CRM to the latest version.
    Please consult the SAP Security Note 1870255656 for more information about the fix.