CVE-2018-2366
MEDIUM
SAP Business Process Automation By Redwood 9.0 9.1 - Path Traversal
Title source: llm
Description
SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103371
Vendor Advisory x_refsource_confirm
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
Permissions Required x_refsource_confirm
https://launchpad.support.sap.com/#/notes/2555667
Scores
CVSS v3
4.3
EPSS
0.0160
EPSS Percentile
72.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
redwood/sap_business_process_automation
9.0
redwood/sap_business_process_automation
9.1
Published
Mar 14, 2018
Tracked Since
Feb 18, 2026