Unrated severityCISA KEVNVD Advisory· Published Mar 1, 2018· Updated Oct 21, 2025

CVE-2018-2380

Description

SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

Affected products

SAP SE/SAP CRMv5
Range: 7.01

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/44292/mitreexploitx_refsource_EXPLOIT-DB
www.securityfocus.com/bid/103001mitrevdb-entryx_refsource_BID
blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/mitrex_refsource_CONFIRM
launchpad.support.sap.commitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.039
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060