CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-2380

Known Exploited (CISA KEV)MEDIUM
6.6
CVSS Severity Score
EPSS Score68.0620%
EPSS Percentile90.93th
Published2018年3月1日
Last Modified2025年10月31日

Vulnerability Description

SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

Affected Platforms (CPE)

📦
Sap

Customer Relationship Management

= 7.01
📦
Sap

Customer Relationship Management

= 7.02
📦
Sap

Customer Relationship Management

= 7.30
📦
Sap

Customer Relationship Management

= 7.31
📦
Sap

Customer Relationship Management

= 7.33
📦
Sap

Customer Relationship Management

= 7.54

References & Advisories

🔗 http://www.securityfocus.com/bid/103001
🔗 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
🔗 https://github.com/erpscanteam/CVE-2018-2380
🔗 https://launchpad.support.sap.com/#/notes/2547431
🔗 https://www.exploit-db.com/exploits/44292/
🔗 http://www.securityfocus.com/bid/103001
🔗 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
🔗 https://github.com/erpscanteam/CVE-2018-2380

相关漏洞威胁

CVE-2013-709510.0

The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors rela...

CVE-2021-431309.8

An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username paramet...

CVE-2021-372218.8

A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & c...

CVE-2005-40877.5

PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) ...