CISA KEV Information
| Vulnerability name | SAP Customer Relationship Management (CRM) Path Traversal Vulnerability |
|---|---|
| Description | SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users. |
| Required action | Apply updates per vendor instructions. |
| Known ransomware campaign use | Known |
| CWE | CWE-22 |
| Date added (KEV) | 2021-11-03 |
| Due date | 2022-05-03 |
| Additional notes | https://nvd.nist.gov/vuln/detail/CVE-2018-2380 |
NVD Details
CVSS v3.1: 6.6 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVSS v2.0: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Description: SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
CWE: CWE-22
References
- http://www.securityfocus.com/bid/103001 [Broken Link, Third Party Advisory, VDB Entry]
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ [Vendor Advisory]
- https://github.com/erpscanteam/CVE-2018-2380 [Exploit, Third Party Advisory]
- https://launchpad.support.sap.com/#/notes/2547431 [Permissions Required]
- https://www.exploit-db.com/exploits/44292/ [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-2380 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.