SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.
[
{
"product": "SAP Disclosure Management",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 10.X"
}
]
}
]