Vulnerability Details : CVE-2018-2380
Potential exploit
Used for ransomware!
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Products affected by CVE-2018-2380
- cpe:2.3:a:sap:customer_relationship_management:7.33:*:*:*:*:*:*:*
- cpe:2.3:a:sap:customer_relationship_management:7.01:*:*:*:*:*:*:*
- cpe:2.3:a:sap:customer_relationship_management:7.02:*:*:*:*:*:*:*
- cpe:2.3:a:sap:customer_relationship_management:7.30:*:*:*:*:*:*:*
- cpe:2.3:a:sap:customer_relationship_management:7.31:*:*:*:*:*:*:*
- cpe:2.3:a:sap:customer_relationship_management:7.54:*:*:*:*:*:*:*
CVE-2018-2380 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
SAP Customer Relationship Management (CRM) Path Traversal Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2018-2380
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2018-2380
57.95%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-2380
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
|
6.6
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L |
2.3
|
3.7
|
NIST | |
|
6.6
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L |
2.3
|
3.7
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-29 |
|
6.6
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L |
2.3
|
3.7
|
NIST | 2025-01-28 |
CWE ids for CVE-2018-2380
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2018-2380
-
https://github.com/erpscanteam/CVE-2018-2380
GitHub - erpscanteam/CVE-2018-2380: PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRMExploit;Third Party Advisory
-
https://launchpad.support.sap.com/#/notes/2547431
SAP ONE Support Launchpad: Log OnPermissions Required
-
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
SAP Security Patch Day – February 2018 | SAP BlogsVendor Advisory
-
http://www.securityfocus.com/bid/103001
SAP Customer Relationship Management CVE-2018-2380 Directory Traversal VulnerabilityThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/44292/
SAP NetWeaver AS JAVA CRM - Log injection Remote Command ExecutionExploit;Third Party Advisory;VDB Entry
Jump to