Vulnerability Details CVE-2022-39802
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.6%
CVSS Severity
CVSS v3 Score 7.5
References
- http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html
- https://launchpad.support.sap.com/#/notes/3242933
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
- http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html
- https://launchpad.support.sap.com/#/notes/3242933
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Products affected by CVE-2022-39802
-
cpe:2.3:a:sap:manufacturing_execution:15.1
-
cpe:2.3:a:sap:manufacturing_execution:15.2
-
cpe:2.3:a:sap:manufacturing_execution:15.3