CVE-2018-2367
N/A
N/A
Summary
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP BASIS (ABAP File Interface) | from 7.00 to 7.02 | affected |
| SAP SE | SAP BASIS (ABAP File Interface) | from 7.10 to 7.11 | affected |
| SAP SE | SAP BASIS (ABAP File Interface) | 7.30 | affected |
| SAP SE | SAP BASIS (ABAP File Interface) | 7.31 | affected |
| SAP SE | SAP BASIS (ABAP File Interface) | 7.40 | affected |
| SAP SE | SAP BASIS (ABAP File Interface) | from 7.50 to 7.52 | affected |
Weaknesses
- Directory Traversal
ADP Enrichment
CVE Program Container
Additional References
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
- http://www.securityfocus.com/bid/103006
- https://launchpad.support.sap.com/#/notes/2562089
References
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
- http://www.securityfocus.com/bid/103006
- https://launchpad.support.sap.com/#/notes/2562089
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.