CVE-2018-2366

Name of the Vulnerable Software and Affected Versions: SAP Business Process Automation (BPA) By Redwood versions 9.0 through 9.1

Description: The issue is related to insufficient validation of path information provided by users, allowing an attacker to exploit this weakness. This can lead to the traversal of directory paths, potentially enabling the attacker to access arbitrary files on the server, including system files, and obtain critical information by escaping the intended directory boundaries.

Recommendations: For versions 9.0 and 9.1, consider restricting access to file APIs to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability of users to provide path information to prevent directory traversal attacks.