CVE-2018-2380

Name of the Vulnerable Software and Affected Versions SAP CRM versions 7.01 through 7.54

Description The issue is related to insufficient validation of path information provided by users, allowing an attacker to exploit this weakness. This can lead to characters representing "traverse to parent directory" being passed through to the file APIs, potentially enabling remote attackers to execute arbitrary commands due to incorrect restriction of access to a limited directory.

Recommendations For versions 7.01 through 7.54, update to a version that includes the necessary security patches to address the path traversal vulnerability. As a temporary workaround, consider restricting access to sensitive directories and limiting the ability to traverse to parent directories until a patch is available.