CVE-2018-2380

CVE: CVE-2018-2380
Published: 2018-03-01T17:29Z
Description Language: en
Description: SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing “traverse to parent directory” are passed through to the file APIs.
References:
http://www.securityfocus.com/bid/103001
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
https://launchpad.support.sap.com/#/notes/2547431