Arbitrary Directory Traversal Vulnerability in SAP Manufacturing Execution (Versions 15.1-15.3)

Arbitrary Directory Traversal Vulnerability in SAP Manufacturing Execution (Versions 15.1-15.3)

CVE-2022-39802 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.

Learn more about our Cis Benchmark Audit For Server Software.