SAP Disclosure Management CVE-2018-2487 Arbitrary File Overwrite Vulnerability

Bugtraq ID:	105908
Class:	Design Error
CVE:	CVE-2018-2487
Remote:	Yes
Local:	No
Published:	Nov 13 2018 12:00AM
Updated:	Nov 13 2018 12:00AM
Credit:	SAP
Vulnerable:	SAP Disclosure Management 10.1
Not Vulnerable:

SAP Disclosure Management CVE-2018-2487 Arbitrary File Overwrite Vulnerability

SAP Disclosure Management is prone to an arbitrary file-overwrite vulnerability.

Successful exploits will allow attackers to overwrite arbitrary files on the affected computer and execute arbitrary commands with the privileges of the user running the affected application.

SAP Disclosure Management CVE-2018-2487 Arbitrary File Overwrite Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

SAP Disclosure Management CVE-2018-2487 Arbitrary File Overwrite Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

SAP Disclosure Management CVE-2018-2487 Arbitrary File Overwrite Vulnerability

References:

• SAP Homepage (SAP)
  
• SAP Security Note 2701410 (SAP)
  
• SAP Security Patch Day �?? November 2018 (SAP)