CVE-2018-2367

Summary

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP BASIS (ABAP File Interface)from 7.00 to 7.02affected
SAP SESAP BASIS (ABAP File Interface)from 7.10 to 7.11affected
SAP SESAP BASIS (ABAP File Interface)7.30affected
SAP SESAP BASIS (ABAP File Interface)7.31affected
SAP SESAP BASIS (ABAP File Interface)7.40affected
SAP SESAP BASIS (ABAP File Interface)from 7.50 to 7.52affected

Weaknesses

  • Directory Traversal

ADP Enrichment

CVE Program Container

Additional References

References