CVE-2022-27657

2.7LOW

Key Information:

Vendor: SAP
Status: SAP Focused Run (simple Diagnostics Agent)
Vendor: CVE Published:; 12 April 2022

Summary

A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.

Affected Version(s)

SAP Focused Run (Simple Diagnostics Agent) 1.0

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3159091

x_refsource_MISC

http://seclists.org/fulldisclosure/2022/Jun/41

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2022
Vulnerability Reserved
Mar 22, 2022