Vulnerability Monitor

CVE-2018-2367


ABAP File Interface in SAP BASIS, versions 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, and 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, so that characters representing "traverse to parent directory" are passed through to the file APIs.


Published

2018-03-01T17:29:00.287

Last Modified

2024-11-21T04:03:41.423

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-22

Affected Vendors & Products
Type         Vendor  Product                                            Version/Range  Vulnerable?
Application  sap     business_application_software_integrated_solution  ≤ 7.02         Yes
Application  sap     business_application_software_integrated_solution  ≤ 7.11         Yes
Application  sap     business_application_software_integrated_solution  ≤ 7.52         Yes
Application  sap     business_application_software_integrated_solution  7.30           Yes
Application  sap     business_application_software_integrated_solution  7.31           Yes
Application  sap     business_application_software_integrated_solution  7.40           Yes
