SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.
References
Link | Resource |
---|---|
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/3242933 | Permissions Required Vendor Advisory |
http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-10-11 14:15
Updated : 2022-10-17 09:15
NVD link : CVE-2022-39802
Mitre link : CVE-2022-39802
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
sap
- manufacturing_execution