CVE-2022-27657

CWE-22 — Path Traversal3 documents3 sources

Severity

2.7LOW

EPSS

0.3%

top 47.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Focused RUN (simple Diagnostics Agent)SAP Focused RUN

Timeline

PublishedApr 12

Latest updateApr 13

Description

A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_focused_run_(simple_diagnostics_agent)1.0

▶NVDsap/focused_run1.0

🔴Vulnerability Details

GHSA

GHSA-vr5w-v4j5-6636: A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation↗2022-04-13

▶

CVEList

CVE-2022-27657: A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation↗2022-04-12

▶