CVE-2018-2380

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/103001", "name": "103001", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "http://www.securityfocus.com/bid/103001", "name": "103001", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", "name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", "name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://github.com/erpscanteam/CVE-2018-2380", "name": "https://github.com/erpscanteam/CVE-2018-2380", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://github.com/erpscanteam/CVE-2018-2380", "name": "https://github.com/erpscanteam/CVE-2018-2380", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://launchpad.support.sap.com/#/notes/2547431", "name": "https://launchpad.support.sap.com/#/notes/2547431", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://launchpad.support.sap.com/#/notes/2547431", "name": "https://launchpad.support.sap.com/#/notes/2547431", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://www.exploit-db.com/exploits/44292/", "name": "44292", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://www.exploit-db.com/exploits/44292/", "name": "44292", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-2380", "ASSIGNER": "cna@sap.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.3}}, "publishedDate": "2018-03-01T17:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sap:customer_relationship_management:7.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:customer_relationship_management:7.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:customer_relationship_management:7.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:customer_relationship_management:7.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:customer_relationship_management:7.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:customer_relationship_management:7.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-12T20:37Z"}