ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103006 | Third Party Advisory VDB Entry |
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2562089 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2018-03-01 17:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-2367
Mitre link : CVE-2018-2367
CVE.ORG link : CVE-2018-2367
JSON object : View
Products Affected
sap
- business_application_software_integrated_solution
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')