CVE-2018-2367

EPSS 2.0%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

01 Mar 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

Affected products

SAP SE · SAP BASIS (ABAP File Interface)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/https://launchpad.support.sap.com/#/notes/2562089 http://www.securityfocus.com/bid/103006