Vulnerability Description
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Manufacturing Execution | 15.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/3242933Permissions RequiredVendor Advisory
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
- http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/3242933Permissions RequiredVendor Advisory
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
FAQ
What is CVE-2022-39802?
CVE-2022-39802 is a vulnerability with a CVSS score of 7.5 (HIGH). SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbi...
How severe is CVE-2022-39802?
CVE-2022-39802 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-39802?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Manufacturing Execution.