CVE-2018-2367

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
sapbusiness_application_software_integrated_solution
7.00 ≤
𝑥
≤ 7.02
sapbusiness_application_software_integrated_solution
7.10 ≤
𝑥
≤ 7.11
sapbusiness_application_software_integrated_solution
7.50 ≤
𝑥
≤ 7.52
sapbusiness_application_software_integrated_solution
7.30
sapbusiness_application_software_integrated_solution
7.31
sapbusiness_application_software_integrated_solution
7.40
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103006
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
https://launchpad.support.sap.com/#/notes/2562089
http://www.securityfocus.com/bid/103006
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
https://launchpad.support.sap.com/#/notes/2562089