CyberSec.Space Logo
Back to CVE Browser

CVE-2018-2367

HIGH
8.8
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile15.00th
PublishedMar 1, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

Affected Platforms (CPE)

πŸ“¦
Sap

Business Application Software Integrated Solution

>= 7.00 and <= 7.02
πŸ“¦
Sap

Business Application Software Integrated Solution

>= 7.10 and <= 7.11
πŸ“¦
Sap

Business Application Software Integrated Solution

>= 7.50 and <= 7.52
πŸ“¦
Sap

Business Application Software Integrated Solution

= 7.30
πŸ“¦
Sap

Business Application Software Integrated Solution

= 7.31
πŸ“¦
Sap

Business Application Software Integrated Solution

= 7.40

References & Advisories

πŸ”— http://www.securityfocus.com/bid/103006
πŸ”— https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
πŸ”— https://launchpad.support.sap.com/#/notes/2562089
πŸ”— http://www.securityfocus.com/bid/103006
πŸ”— https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
πŸ”— https://launchpad.support.sap.com/#/notes/2562089

Related Vulnerabilities

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...