CyberSec.Space Logo
Back to CVE Browser

CVE-2018-2380

Known Exploited (CISA KEV)MEDIUM
6.6
CVSS Severity Score
EPSS Score68.0620%
EPSS Percentile90.93th
PublishedMar 1, 2018
Last ModifiedOct 31, 2025

Vulnerability Description

SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

Affected Platforms (CPE)

πŸ“¦
Sap

Customer Relationship Management

= 7.01
πŸ“¦
Sap

Customer Relationship Management

= 7.02
πŸ“¦
Sap

Customer Relationship Management

= 7.30
πŸ“¦
Sap

Customer Relationship Management

= 7.31
πŸ“¦
Sap

Customer Relationship Management

= 7.33
πŸ“¦
Sap

Customer Relationship Management

= 7.54

References & Advisories

πŸ”— http://www.securityfocus.com/bid/103001
πŸ”— https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
πŸ”— https://github.com/erpscanteam/CVE-2018-2380
πŸ”— https://launchpad.support.sap.com/#/notes/2547431
πŸ”— https://www.exploit-db.com/exploits/44292/
πŸ”— http://www.securityfocus.com/bid/103001
πŸ”— https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
πŸ”— https://github.com/erpscanteam/CVE-2018-2380

Related Vulnerabilities

CVE-2013-709510.0

The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors rela...

CVE-2021-431309.8

An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username paramet...

CVE-2021-372218.8

A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & c...

CVE-2005-40877.5

PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) ...