CVE-2018-2366
4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Business Process Automation (BPA) By Redwood | 9.0 | affected |
| SAP SE | SAP Business Process Automation (BPA) By Redwood | 9.1 | affected |
Weaknesses
- Directory Traversal)
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/103371
- https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
- https://launchpad.support.sap.com/#/notes/2555667
References
- http://www.securityfocus.com/bid/103371
- https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
- https://launchpad.support.sap.com/#/notes/2555667
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.