CVE-2022-39802
N/A
N/A
Summary
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Manufacturing Execution | 15.1 | affected |
| SAP SE | SAP Manufacturing Execution | 15.2 | affected |
| SAP SE | SAP Manufacturing Execution | 15.3 | affected |
Weaknesses
- CWE-22: CWE-22
ADP Enrichment
CVE Program Container
Additional References
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
- https://launchpad.support.sap.com/#/notes/3242933
- http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html
References
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
- https://launchpad.support.sap.com/#/notes/3242933
- http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.