CVE-2018-2367

2018-03-0117:00:00

sap

www.cve.org

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing “traverse to parent directory” are passed through to the file APIs.

CNA Affected

[
  {
    "product": "SAP BASIS (ABAP File Interface)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "from 7.00 to 7.02"
      },
      {
        "status": "affected",
        "version": "from 7.10 to 7.11"
      },
      {
        "status": "affected",
        "version": "7.30"
      },
      {
        "status": "affected",
        "version": "7.31"
      },
      {
        "status": "affected",
        "version": "7.40"
      },
      {
        "status": "affected",
        "version": "from 7.50 to 7.52"
      }
    ]
  }
]