CVE-2018-2366

Summary

SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Business Process Automation (BPA) By Redwood9.0affected
SAP SESAP Business Process Automation (BPA) By Redwood9.1affected

Weaknesses

  • Directory Traversal)

ADP Enrichment

CVE Program Container

Additional References

References