PT-2018-15599 · Sap · Sap Disclosure Management

Published: 2018-11-13 · Updated: 2020-08-24 · CVE-2018-2487

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SAP Disclosure Management versions 10.x

Description: The issue allows an attacker to exploit the system through a specially crafted zip file provided by users. When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.

Recommendations: For SAP Disclosure Management versions 10.x, consider validating and sanitizing user-provided zip files to prevent malicious files from being extracted to unintended locations. As a temporary workaround, restrict the ability of users to upload zip files until a proper fix is available.

Fix


Related identifiers

CVE-2018-2487

Affected products

Sap Disclosure Management