CVE-2018-2487

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.3 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
sapdisclosure_management
10.1
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/105908
https://launchpad.support.sap.com/#/notes/2701410
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
http://www.securityfocus.com/bid/105908
https://launchpad.support.sap.com/#/notes/2701410
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832