{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T19:14:40.486","vulnerabilities":[{"cve":{"id":"CVE-2018-2380","sourceIdentifier":"cna@sap.com","published":"2018-03-01T17:29:00.413","lastModified":"2025-10-31T22:05:53.403","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."},{"lang":"es","value":"SAP CRM 7.01, 7.02, 7.30, 7.31, 7.33 y 7.54 permite que un atacante explote la validaciĆ³n insuficiente de la informaciĆ³n de ruta proporcionada por los usuarios, por lo que los caracteres que representan \"salto al directorio padre\" se pasan a las API de archivo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:L\/A:L","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:L\/A:L","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:L\/Au:S\/C:P\/I:P\/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2021-11-03","cisaActionDue":"2022-05-03","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"SAP Customer Relationship Management (CRM) Path Traversal Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:customer_relationship_management:7.01:*:*:*:*:*:*:*","matchCriteriaId":"136E88EF-877A-4881-B098-3472E02FC45A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:customer_relationship_management:7.02:*:*:*:*:*:*:*","matchCriteriaId":"3029F4DC-63CD-49C6-A98E-5A5B01E104FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:customer_relationship_management:7.30:*:*:*:*:*:*:*","matchCriteriaId":"51E097C6-61E3-4D8A-ABEC-A32BA68E3D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:customer_relationship_management:7.31:*:*:*:*:*:*:*","matchCriteriaId":"4258AAE6-ABD0-47C1-B794-E68D3A57EEE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:customer_relationship_management:7.33:*:*:*:*:*:*:*","matchCriteriaId":"4392BD0F-A286-4AEA-89E5-D151034C9055"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:customer_relationship_management:7.54:*:*:*:*:*:*:*","matchCriteriaId":"CFD82446-BD1D-40E7-A216-2239B7D07691"}]}]}],"references":[{"url":"http:\/\/www.securityfocus.com\/bid\/103001","source":"cna@sap.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https:\/\/blogs.sap.com\/2018\/02\/13\/sap-security-patch-day-february-2018\/","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https:\/\/github.com\/erpscanteam\/CVE-2018-2380","source":"cna@sap.com","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/launchpad.support.sap.com\/#\/notes\/2547431","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https:\/\/www.exploit-db.com\/exploits\/44292\/","source":"cna@sap.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http:\/\/www.securityfocus.com\/bid\/103001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https:\/\/blogs.sap.com\/2018\/02\/13\/sap-security-patch-day-february-2018\/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https:\/\/github.com\/erpscanteam\/CVE-2018-2380","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/launchpad.support.sap.com\/#\/notes\/2547431","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https:\/\/www.exploit-db.com\/exploits\/44292\/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-2380","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}