CVE-2018-2380

2018-03-01T17:29:00
ID CVE-2018-2380
Type cve
Reporter cve@mitre.org
Modified 2018-03-23T16:39:00

Description

SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.