Path Traversal Vulnerability in SAP Manufacturing Execution Software
CVE-2022-39802
Summary
SAP Manufacturing Execution versions 15.1, 15.2, and 15.3 are susceptible to a path traversal vulnerability due to insufficient validation of file path request parameters. This allows attackers to manipulate intended file paths, enabling unauthorized access to directories on the remote server. Consequently, sensitive file content within these directories can be disclosed, highlighting a significant information security risk for organizations using these versions.
Affected Version(s)
SAP Manufacturing Execution 15.1
SAP Manufacturing Execution 15.2
SAP Manufacturing Execution 15.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved