CVE-2022-39802
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
SAP Manufacturing Execution, versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read, which may lead to information disclosure.
Timeline
- 2022-09-02 CVE Reserved
- 2022-10-11 CVE Published
- 2022-10-16 First Exploit
- 2024-08-03 CVE Updated
- 2024-08-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (3)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/redrays-io/CVE-2022-39802 | 2022-10-16 |
URL | Date | SRC |
---|---|---|
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2022-10-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sap | Manufacturing Execution | 15.1 | - | Affected |
Sap | Manufacturing Execution | 15.2 | - | Affected |
Sap | Manufacturing Execution | 15.3 | - | Affected |