cvelist/2018/2xxx/CVE-2018-2380.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cna@sap.com",
      "ID" : "CVE-2018-2380",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "SAP CRM",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_affected" : "=",
                                 "version_value" : "7.01"
                              },
                              {
                                 "version_affected" : "=",
                                 "version_value" : "7.02"
                              },
                              {
                                 "version_affected" : "=",
                                 "version_value" : "7.30"
                              },
                              {
                                 "version_affected" : "=",
                                 "version_value" : "7.31"
                              },
                              {
                                 "version_affected" : "=",
                                 "version_value" : "7.33"
                              },
                              {
                                 "version_affected" : "=",
                                 "version_value" : "7.54"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "SAP SE"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Directory/Path Traversal"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "44292",
            "refsource" : "EXPLOIT-DB",
            "url" : "https://www.exploit-db.com/exploits/44292/"
         },
         {
            "name" : "https://github.com/erpscanteam/CVE-2018-2380",
            "refsource" : "MISC",
            "url" : "https://github.com/erpscanteam/CVE-2018-2380"
         },
         {
            "name" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
            "refsource" : "CONFIRM",
            "url" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
         },
         {
            "name" : "https://launchpad.support.sap.com/#/notes/2547431",
            "refsource" : "CONFIRM",
            "url" : "https://launchpad.support.sap.com/#/notes/2547431"
         },
         {
            "name" : "103001",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/103001"
         }
      ]
   }
}
- Synchronized data. 2017-12-15 05:03:06 -05:00			`{`
			`"CVE_data_meta" : {`
- Added fixed files omitted in earlier submission from SAP from 2018-02-13. 2018-03-01 11:19:34 -05:00			`"ASSIGNER" : "cna@sap.com",`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`"ID" : "CVE-2018-2380",`
- Added fixed files omitted in earlier submission from SAP from 2018-02-13. 2018-03-01 11:19:34 -05:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "SAP CRM",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "7.01"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "7.02"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "7.30"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "7.31"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "7.33"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "7.54"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "SAP SE"`
			`}`
			`]`
			`}`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Added fixed files omitted in earlier submission from SAP from 2018-02-13. 2018-03-01 11:19:34 -05:00			`"value" : "SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Directory/Path Traversal"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
- Synchronized data. 2018-03-17 06:04:47 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "44292",`
			`"refsource" : "EXPLOIT-DB",`
- Synchronized data. 2018-03-17 06:04:47 -04:00			`"url" : "https://www.exploit-db.com/exploits/44292/"`
			`},`
- Synchronized data. 2018-03-15 01:02:33 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://github.com/erpscanteam/CVE-2018-2380",`
			`"refsource" : "MISC",`
- Synchronized data. 2018-03-15 01:02:33 -04:00			`"url" : "https://github.com/erpscanteam/CVE-2018-2380"`
			`},`
- Added fixed files omitted in earlier submission from SAP from 2018-02-13. 2018-03-01 11:19:34 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",`
			`"refsource" : "CONFIRM",`
- Added fixed files omitted in earlier submission from SAP from 2018-02-13. 2018-03-01 11:19:34 -05:00			`"url" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://launchpad.support.sap.com/#/notes/2547431",`
			`"refsource" : "CONFIRM",`
- Added fixed files omitted in earlier submission from SAP from 2018-02-13. 2018-03-01 11:19:34 -05:00			`"url" : "https://launchpad.support.sap.com/#/notes/2547431"`
- Synchronized data. 2018-03-02 06:04:00 -05:00			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "103001",`
			`"refsource" : "BID",`
- Synchronized data. 2018-03-02 06:04:00 -05:00			`"url" : "http://www.securityfocus.com/bid/103001"`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`}`
			`]`
			`}`
			`}`