{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T18:47:37.440","vulnerabilities":[{"cve":{"id":"CVE-2018-2367","sourceIdentifier":"cna@sap.com","published":"2018-03-01T17:29:00.287","lastModified":"2024-11-21T04:03:41.423","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."},{"lang":"es","value":"ABAP File Interface en SAP BASIS, de la versión 7.00 a la 7.02, de la versión 7.10 a la 7.11, 7.30, 7.31, 7.40 y de la versión 7.50 a la 7.52, permite que un atacante explote la validación insuficiente de la información de ruta proporcionada por los usuarios, por lo que los caracteres que representan \"salto al directorio padre\" se pasan a las API de archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*","versionStartIncluding":"7.00","versionEndIncluding":"7.02","matchCriteriaId":"CF38D1E1-E07F-4E51-AE76-E27E7CE4F55C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*","versionStartIncluding":"7.10","versionEndIncluding":"7.11","matchCriteriaId":"4CB61EF9-414F-4563-B091-3E9B708CAB1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*","versionStartIncluding":"7.50","versionEndIncluding":"7.52","matchCriteriaId":"D90BE6E0-559E-4509-95EA-CB820611E16D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:7.30:*:*:*:*:*:*:*","matchCriteriaId":"990D5985-7828-4D8C-9463-CA077AB3881E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:7.31:*:*:*:*:*:*:*","matchCriteriaId":"341C07C1-2B4A-475D-B200-1021EB6B1F79"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:7.40:*:*:*:*:*:*:*","matchCriteriaId":"4D80CC30-EE05-439F-BF2C-1267837137DE"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/103006","source":"cna@sap.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/2562089","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"http://www.securityfocus.com/bid/103006","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/2562089","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]}]}}]}