Vulnerability Details CVE-2018-2487
SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.7%
CVSS Severity
CVSS v3 Score 8.3
CVSS v2 Score 5.1
References
- http://www.securityfocus.com/bid/105908
- https://launchpad.support.sap.com/#/notes/2701410
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
- http://www.securityfocus.com/bid/105908
- https://launchpad.support.sap.com/#/notes/2701410
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
Products affected by CVE-2018-2487
-
cpe:2.3:a:sap:disclosure_management:10.1