CVE-2018-2487 — HIGH (8.3) — White Hats Nepal

Vulnerability Description

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.

CVSS Score

8.3

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sap	Disclosure Management	10.1

References

http://www.securityfocus.com/bid/105908Third Party AdvisoryVDB Entry
https://launchpad.support.sap.com/#/notes/2701410Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832Vendor Advisory
http://www.securityfocus.com/bid/105908Third Party AdvisoryVDB Entry
https://launchpad.support.sap.com/#/notes/2701410Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832Vendor Advisory

FAQ

What is CVE-2018-2487?

CVE-2018-2487 is a vulnerability with a CVSS score of 8.3 (HIGH). SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in differ...

How severe is CVE-2018-2487?

CVE-2018-2487 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-2487?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Disclosure Management.