CVE-2018-2366

MEDIUM

SAP Business Process Automation By Redwood 9.0 9.1 - Path Traversal

Title source: llm
STIX 2.1

Description

SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103371
Permissions Required x_refsource_confirm
https://launchpad.support.sap.com/#/notes/2555667

Scores

CVSS v3 4.3
EPSS 0.0160
EPSS Percentile 72.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
redwood/sap_business_process_automation 9.0
redwood/sap_business_process_automation 9.1
Published Mar 14, 2018
Tracked Since Feb 18, 2026