{"containers":{"cna":{"affected":[{"product":"SAP CRM","vendor":"SAP SE","versions":[{"status":"affected","version":"7.01"},{"status":"affected","version":"7.02"},{"status":"affected","version":"7.30"},{"status":"affected","version":"7.31"},{"status":"affected","version":"7.33"},{"status":"affected","version":"7.54"}]}],"datePublic":"2018-02-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."}],"problemTypes":[{"descriptions":[{"description":"Directory/Path Traversal","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-03-17T09:57:01.000Z","orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap"},"references":[{"tags":["x_refsource_MISC"],"url":"https://github.com/erpscanteam/CVE-2018-2380"},{"name":"44292","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/44292/"},{"tags":["x_refsource_CONFIRM"],"url":"https://launchpad.support.sap.com/#/notes/2547431"},{"name":"103001","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/103001"},{"tags":["x_refsource_CONFIRM"],"url":"https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cna@sap.com","ID":"CVE-2018-2380","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"SAP CRM","version":{"version_data":[{"version_affected":"=","version_value":"7.01"},{"version_affected":"=","version_value":"7.02"},{"version_affected":"=","version_value":"7.30"},{"version_affected":"=","version_value":"7.31"},{"version_affected":"=","version_value":"7.33"},{"version_affected":"=","version_value":"7.54"}]}}]},"vendor_name":"SAP SE"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing \"traverse to parent directory\" are passed through to the file APIs."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Directory/Path Traversal"}]}]},"references":{"reference_data":[{"name":"https://github.com/erpscanteam/CVE-2018-2380","refsource":"MISC","url":"https://github.com/erpscanteam/CVE-2018-2380"},{"name":"44292","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/44292/"},{"name":"https://launchpad.support.sap.com/#/notes/2547431","refsource":"CONFIRM","url":"https://launchpad.support.sap.com/#/notes/2547431"},{"name":"103001","refsource":"BID","url":"http://www.securityfocus.com/bid/103001"},{"name":"https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/","refsource":"CONFIRM","url":"https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T04:14:39.708Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/erpscanteam/CVE-2018-2380"},{"name":"44292","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/44292/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://launchpad.support.sap.com/#/notes/2547431"},{"name":"103001","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/103001"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"}]},{"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":6.6,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L","integrityImpact":"LOW","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"LOW","privilegesRequired":"HIGH","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"id":"CVE-2018-2380","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-01-29T20:12:55.158230Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2021-11-03","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-2380"}}}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-2380","tags":["government-resource"]}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}],"timeline":[{"time":"2021-11-03T00:00:00.000Z","lang":"en","value":"CVE-2018-2380 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T23:45:56.073Z"}}]},"cveMetadata":{"assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","assignerShortName":"sap","cveId":"CVE-2018-2380","datePublished":"2018-03-01T17:00:00.000Z","dateReserved":"2017-12-15T00:00:00.000Z","dateUpdated":"2025-10-21T23:45:56.073Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}