CVE-2018-2380
MEDIUM | CISA KEV | 6.6
Description
SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
CVE Details
CVSS v3.1 Score: 6.6
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Published: 3/1/2018
Last Modified: 10/31/2025
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: SAP
Product: Customer Relationship Management (CRM)
Vulnerability Name: SAP Customer Relationship Management (CRM) Path Traversal Vulnerability
KEV Date Added: 2021-11-03
Remediation Due Date: 2022-05-03
Ransomware Use: Known
Affected Products
sap:customer_relationship_management
Weaknesses (CWE)
CWE-22
References
http://www.securityfocus.com/bid/103001 (cna@sap.com)
https://github.com/erpscanteam/CVE-2018-2380 (cna@sap.com)
https://launchpad.support.sap.com/#/notes/2547431 (cna@sap.com)
https://www.exploit-db.com/exploits/44292/ (cna@sap.com)
http://www.securityfocus.com/bid/103001 (af854a3a-2127-422b-91ae-364da2661108)
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/erpscanteam/CVE-2018-2380 (af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.support.sap.com/#/notes/2547431 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44292/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-2380 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.