← volver
CVE-2018-2366

CVE-2018-2366

CVSS 4.3 MEDIUMEPSS 1.6%
SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
SAP SE · SAP Business Process Automation (BPA) By Redwood

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/https://launchpad.support.sap.com/#/notes/2555667http://www.securityfocus.com/bid/103371