CVE-2018-2404Unrestricted File Upload in SE SAP Disclosure Management

CWE-434Unrestricted File Upload3 documents3 sources
Severity
9.8CRITICALNVD
CNA4.3
EPSS
0.3%
top 50.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Disclosure ManagementSAP Disclosure Management
Timeline
PublishedApr 10
Latest updateMay 13

Description

SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-x28g-xvcp-c2gx: SAP Disclosure Management 102022-05-13
CVEList
CVE-2018-2404: SAP Disclosure Management 102018-04-10
CVE-2018-2404 — Unrestricted File Upload | cvebase