File Path Manipulation Vulnerability in SAP Disclosure Management 10.x
CVE-2018-2487

8.3HIGH

Key Information:

Vendor

SAP
Status
SAP Disclosure Management
Vendor
CVE Published:
13 November 2018

What is CVE-2018-2487?

SAP Disclosure Management 10.x is susceptible to a file path manipulation vulnerability. An attacker can exploit this by crafting a malicious zip file that, when extracted, may place files in unintended locations. This behavior can lead to data exposure and unauthorized access, compromising the security of the system. Users are advised to exercise caution when handling zip files and ensure proper validation mechanisms are in place to mitigate related risks.

Affected Version(s)

SAP Disclosure Management = 10.X

References

http://www.securityfocus.com/bid/105908
vdb-entryx_refsource_BID
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2701410
x_refsource_MISC

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.