CVSS: 6.6EPSS: 2%CPEs: 6EXPL: 2CVE-2018-2380 – SAP Customer Relationship Management (CRM) Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-2380
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. SAP CRM 7.01, 7.02, 7.30, 7.31, 7.33 y 7.54 permite que un atacante explote la validación insuficiente de la información de ruta proporcionada por los usuarios, por lo que los caracteres que representan "salto al directorio padre" se pasan a las API de archivo. SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users. • https://www.exploit-db.com/exploits/44292 https://github.com/erpscanteam/CVE-2018-2380 http://www.securityfocus.com/bid/103001 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2547431 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •