CVE-2018-2487 — SAP Disclosure Management vulnerability

3 documents3 sources

Severity

8.3HIGHNVD

EPSS

0.6%

top 31.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Disclosure Management SAP Disclosure Management

Timeline

PublishedNov 13

Latest updateMay 13

Description

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.6 | Impact: 6.0

Affected Packages2 packages

▶NVDsap/disclosure_management10.1

▶CVEListV5sap/sap_disclosure_management= 10.X

🔴Vulnerability Details

GHSA

GHSA-p3hh-wp2w-w6v6: SAP Disclosure Management 10↗2022-05-13

▶

CVEList

CVE-2018-2487: SAP Disclosure Management 10↗2018-11-13

▶