CVE-2018-2367

Name of the Vulnerable Software and Affected Versions SAP BASIS versions 7.00 through 7.02 SAP BASIS versions 7.10 through 7.11 SAP BASIS version 7.30 SAP BASIS version 7.31 SAP BASIS version 7.40 SAP BASIS versions 7.50 through 7.52

Description The issue allows an attacker to exploit insufficient validation of path information provided by users. This can lead to characters representing "traverse to parent directory" being passed through to the file APIs, potentially allowing unauthorized access to files.

Recommendations For SAP BASIS versions 7.00 through 7.02, update to a version outside of this range to resolve the issue. For SAP BASIS versions 7.10 through 7.11, update to a version outside of this range to resolve the issue. For SAP BASIS version 7.30, update to a version outside of this range to resolve the issue. For SAP BASIS version 7.31, update to a version outside of this range to resolve the issue. For SAP BASIS version 7.40, update to a version outside of this range to resolve the issue. For SAP BASIS versions 7.50 through 7.52, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the ABAP File Interface to minimize the risk of exploitation.