CVE-2018-2380: SAP Customer Relationship Management (CRM) Path Traversal Vulnerability

First published: Thu Mar 01 2018(Updated: )

SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

Credit: cna@sap.com cna@sap.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/type
• agent/description
• agent/softwarecombine
• agent/title
• agent/severity
• agent/author
• collector/mitre-cve
• source/MITRE
• agent/weakness
• agent/last-modified-date
• agent/first-publish-date
• exploited/true
• ransomware/true
• collector/cisa-known-exploited
• source/CISA
• agent/software-canonical-lookup
• agent/references
• agent/event
• agent/tags
• collector/nvd-cve
• source/NVD
• vendor/sap
• canonical/sap customer relationship management
• version/sap customer relationship management/7.01
• version/sap customer relationship management/7.02
• version/sap customer relationship management/7.30
• version/sap customer relationship management/7.31
• version/sap customer relationship management/7.33
• version/sap customer relationship management/7.54
• canonical/sap customer relationship management (crm)