CVE-2018-2367

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_application_software_integrated_solution:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_application_software_integrated_solution:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_application_software_integrated_solution:7.40:*:*:*:*:*:*:*

History

21 Nov 2024, 04:03

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/103006 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/103006 - Third Party Advisory, VDB Entry
References () https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ - Vendor Advisory () https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ - Vendor Advisory
References () https://launchpad.support.sap.com/#/notes/2562089 - Permissions Required () https://launchpad.support.sap.com/#/notes/2562089 - Permissions Required

Information

Published : 2018-03-01 17:29

Updated : 2024-11-21 04:03


NVD link : CVE-2018-2367

Mitre link : CVE-2018-2367

CVE.ORG link : CVE-2018-2367


JSON object : View

Products Affected

sap

  • business_application_software_integrated_solution
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')