CVE-2018-2367

2018-03-0117:00:00

sap

www.cve.org

AI Score

8.6

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing “traverse to parent directory” are passed through to the file APIs.

CNA Affected

[
  {
    "product": "SAP BASIS (ABAP File Interface)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "from 7.00 to 7.02"
      },
      {
        "status": "affected",
        "version": "from 7.10 to 7.11"
      },
      {
        "status": "affected",
        "version": "7.30"
      },
      {
        "status": "affected",
        "version": "7.31"
      },
      {
        "status": "affected",
        "version": "7.40"
      },
      {
        "status": "affected",
        "version": "from 7.50 to 7.52"
      }
    ]
  }
]