Vulnerability Description
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Customer Relationship Management | 7.01 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103001Broken LinkThird Party AdvisoryVDB Entry
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/Vendor Advisory
- https://github.com/erpscanteam/CVE-2018-2380ExploitThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2547431Permissions Required
- https://www.exploit-db.com/exploits/44292/ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/103001Broken LinkThird Party AdvisoryVDB Entry
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/Vendor Advisory
- https://github.com/erpscanteam/CVE-2018-2380ExploitThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2547431Permissions Required
- https://www.exploit-db.com/exploits/44292/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-US Government Resource
FAQ
What is CVE-2018-2380?
CVE-2018-2380 is a vulnerability with a CVSS score of 6.6 (MEDIUM). SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are...
How severe is CVE-2018-2380?
CVE-2018-2380 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-2380?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Customer Relationship Management.