CVE-2018-2487
HIGH
8,3
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
5,1
Source: [email protected]
Access Vector: network
Access Complexity: high
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0068
Percentile
0,7th
Updated
EPSS Score Trend (Last 90 Days)
Application
Disclosure Management by Sap
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sap:disclosure_management:10.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://launchpad.support.sap.com/#/notes/2701410
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
http://www.securityfocus.com/bid/105908
https://launchpad.support.sap.com/#/notes/2701410
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
http://www.securityfocus.com/bid/105908