Description
A security vulnerability exists in SAP B2B/B2C CRM that allows an attacker to read arbitrary local files from the affected server. The file initProductCatalog.do is affected, and the vulnerability can be exploited via the GET parameter forwardPath.
Remediation
Upgrade SAP B2B/B2C CRM to the latest version.
Consult SAP Security Note 1870255656 for more information about the fix.
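To check whether the affected parameter has been requested on a server, access logs can be searched for requests to initProductCatalog.do that supply forwardPath. The Python below is an added example, not part of the original advisory or of SAP's code; the Apache combined log format, the /b2b and /b2c path prefixes and all sample values are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache combined log format (not real traffic).
# The /b2b and /b2c prefixes and the EXAMPLE values are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /b2b/init.do HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "GET /b2b/initProductCatalog.do?forwardPath=EXAMPLE%2Fvalue HTTP/1.1" 200 812 "-" "curl/8.0"
203.0.113.9 - - [12/Mar/2024:10:02:41 +0000] "GET /b2c/initProductCatalog.do;jsessionid=ABC?x=1&forwardPath=EXAMPLE%252Fvalue2 HTTP/1.1" 200 640 "-" "-"
203.0.113.9 - - [12/Mar/2024:10:03:00 +0000] "GET /b2c/initProductCatalog.do HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded values are shown in clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_forwardpath_requests(log_text):
    """Return every request to initProductCatalog.do carrying forwardPath."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Drop path parameters such as ;jsessionid=... before matching.
        path = url.path.split(";")[0]
        if not path.endswith("/initProductCatalog.do"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        for raw in params.get("forwardPath", []):
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "status": int(m["status"]),
                         "forwardPath": fully_decode(raw)})
    return hits

if __name__ == "__main__":
    for hit in find_forwardpath_requests(SAMPLE_LOG):
        print(hit)
```

Each hit lists the client address, timestamp, response status and the decoded forwardPath value, so the values can be compared against what the application itself sends.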