Vulnerability Details CVE-2018-2367
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2018-2367
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.00
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.01
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.02
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.10
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.11
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.30
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.31
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.40
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.50
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.51
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.52