Vulnerability Description
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Business Application Software Integrated Solution | >= 7.00, <= 7.02 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103006Third Party AdvisoryVDB Entry
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2562089Permissions Required
- http://www.securityfocus.com/bid/103006Third Party AdvisoryVDB Entry
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2562089Permissions Required
FAQ
What is CVE-2018-2367?
CVE-2018-2367 is a vulnerability with a CVSS score of 8.8 (HIGH). ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by user...
How severe is CVE-2018-2367?
CVE-2018-2367 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-2367?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Business Application Software Integrated Solution.