Vulnerabilities > CVE-2022-39802 - Unspecified vulnerability in SAP Manufacturing Execution 15.1/15.2/15.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
References
- http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html
- http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html
- https://launchpad.support.sap.com/#/notes/3242933
- https://launchpad.support.sap.com/#/notes/3242933
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html