QwikSec

Security Database

CVE

CWE

Training

CVE-2018-2487

Published: Nov 13, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.

Vendor	Product	Versions
SAP	SAP Disclosure Management	affected `= 10.X`

References

vdb-entry

x_refsource_BID

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2701410

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.