First published: Tue Oct 11 2022
SAP Manufacturing Execution, versions 15.1, 15.2 and 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read, which may lead to information disclosure.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP Manufacturing Execution | =15.1 | |
SAP Manufacturing Execution | =15.2 | |
SAP Manufacturing Execution | =15.3 | |
CVE-2022-39802 is a vulnerability in SAP Manufacturing Execution versions 15.1, 15.2, and 15.3 that allows an attacker to perform arbitrary traversal of directories on the remote server.
CVE-2022-39802 has a severity of 7.5 (High).
Versions 15.1, 15.2, and 15.3 of SAP Manufacturing Execution are affected by CVE-2022-39802.
An attacker can exploit CVE-2022-39802 by manipulating the file path request parameter to perform arbitrary traversal of directories on the remote server.
References related to CVE-2022-39802: [Packet Storm advisory](http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html), [SAP Note 3242933](https://launchpad.support.sap.com/#/notes/3242933), [SAP document](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).