Vulnerabilities > CVE-2018-2487 - Unspecified vulnerability in SAP Disclosure Management 10.1
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://www.securityfocus.com/bid/105908
- http://www.securityfocus.com/bid/105908
- https://launchpad.support.sap.com/#/notes/2701410
- https://launchpad.support.sap.com/#/notes/2701410
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832