CVE-2022-39802Path Traversal in SE SAP Manufacturing Execution

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
EPSS
3.7%
top 11.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Manufacturing ExecutionSAP Manufacturing Execution
Timeline
PublishedOct 11
Latest updateOct 12

Description

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDsap/manufacturing_execution15.1, 15.2, 15.3+2
CVEListV5sap_se/sap_manufacturing_execution15.1, 15.2, 15.3+2

🔴Vulnerability Details

2
GHSA
GHSA-xqmc-v3x5-h7p2: SAP Manufacturing Execution - versions 152022-10-12
CVEList
CVE-2022-39802: SAP Manufacturing Execution - versions 152022-10-11
CVE-2022-39802 — Path Traversal | cvebase