Insufficient Path Validation in SAP BASIS
CVE-2018-2367

8.8 HIGH

Key Information:

Vendor: SAP
CVE Published: 1 March 2018

Summary

The ABAP File Interface in SAP BASIS versions 7.00 to 7.52 contains a vulnerability that arises from inadequate validation of user-supplied path information. This flaw allows attackers to manipulate file paths and potentially access sensitive files through unauthorized traversal commands. Proper configuration and patching are essential to mitigate this risk.

Affected Version(s)

SAP BASIS (ABAP File Interface) from 7.00 to 7.02

SAP BASIS (ABAP File Interface) from 7.10 to 7.11

SAP BASIS (ABAP File Interface) 7.30

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
