CVE-2022-39802

Summary

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Manufacturing Execution15.1affected
SAP SESAP Manufacturing Execution15.2affected
SAP SESAP Manufacturing Execution15.3affected

Weaknesses

  • CWE-22: CWE-22

ADP Enrichment

CVE Program Container

Additional References

References