Search criteria
2 vulnerabilities found for SAP BASIS (ABAP File Interface) by SAP SE
CVE-2018-2367 (GCVE-0-2018-2367)
Vulnerability from cvelistv5 – Published: 2018-03-01 17:00 – Updated: 2024-08-05 04:14
VLAI?
Summary
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP BASIS (ABAP File Interface) |
Affected:
from 7.00 to 7.02
Affected: from 7.10 to 7.11 Affected: 7.30 Affected: 7.31 Affected: 7.40 Affected: from 7.50 to 7.52 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP BASIS (ABAP File Interface)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "from 7.00 to 7.02"
},
{
"status": "affected",
"version": "from 7.10 to 7.11"
},
{
"status": "affected",
"version": "7.30"
},
{
"status": "affected",
"version": "7.31"
},
{
"status": "affected",
"version": "7.40"
},
{
"status": "affected",
"version": "from 7.50 to 7.52"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-02T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP BASIS (ABAP File Interface)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "from 7.00 to 7.02"
},
{
"version_affected": "=",
"version_value": "from 7.10 to 7.11"
},
{
"version_affected": "=",
"version_value": "7.30"
},
{
"version_affected": "=",
"version_value": "7.31"
},
{
"version_affected": "=",
"version_value": "7.40"
},
{
"version_affected": "=",
"version_value": "from 7.50 to 7.52"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103006"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2562089",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2367",
"datePublished": "2018-03-01T17:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:14:39.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2367 (GCVE-0-2018-2367)
Vulnerability from nvd – Published: 2018-03-01 17:00 – Updated: 2024-08-05 04:14
VLAI?
Summary
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP BASIS (ABAP File Interface) |
Affected:
from 7.00 to 7.02
Affected: from 7.10 to 7.11 Affected: 7.30 Affected: 7.31 Affected: 7.40 Affected: from 7.50 to 7.52 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP BASIS (ABAP File Interface)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "from 7.00 to 7.02"
},
{
"status": "affected",
"version": "from 7.10 to 7.11"
},
{
"status": "affected",
"version": "7.30"
},
{
"status": "affected",
"version": "7.31"
},
{
"status": "affected",
"version": "7.40"
},
{
"status": "affected",
"version": "from 7.50 to 7.52"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-02T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP BASIS (ABAP File Interface)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "from 7.00 to 7.02"
},
{
"version_affected": "=",
"version_value": "from 7.10 to 7.11"
},
{
"version_affected": "=",
"version_value": "7.30"
},
{
"version_affected": "=",
"version_value": "7.31"
},
{
"version_affected": "=",
"version_value": "7.40"
},
{
"version_affected": "=",
"version_value": "from 7.50 to 7.52"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name": "103006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103006"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2562089",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2562089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2367",
"datePublished": "2018-03-01T17:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:14:39.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}