CVE-2018-2380

Summary

SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP CRM7.01affected
SAP SESAP CRM7.02affected
SAP SESAP CRM7.30affected
SAP SESAP CRM7.31affected
SAP SESAP CRM7.33affected
SAP SESAP CRM7.54affected

Weaknesses

  • Directory/Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: partial

Additional References

References