ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103006 | Third Party Advisory VDB Entry |
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2562089 | Permissions Required |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2018-03-01T17:00:00
Updated: 2018-03-02T10:57:01
Reserved: 2017-12-15T00:00:00
Link: CVE-2018-2367
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-03-01T17:29:00.287
Modified: 2018-03-23T16:44:05.083
Link: CVE-2018-2367
JSON object: View
Redhat Information
No data.
CWE