CVE-2018-2487

Summary

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.

Affected Software

VendorProductVersion RangeStatus
SAPSAP Disclosure Management= 10.Xaffected

Weaknesses

  • Directory/Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References