CVE-2018-2380

MEDIUM - CVSS 6.6
CWE-22
Published: 3/1/2018
Modified: 10/31/2025

SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

Vulnerability Summary

CVSS v3 Score

6.6 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CVSS v2 Score

6.5

AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE Classification