Published: 11/10/2022 Updated: 28/10/2022
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

Vulnerability Summary

SAP Manufacturing Execution, versions 15.1, 15.2 and 15.3, allows a malicious user to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read, which may lead to information disclosure.

Most Upvoted Vulmon Research Post

The critical vulnerability was discovered by the RedRays R&D center in SAP NetWeaver AS JAVA, in the ME module: https://redrays.io/3242933-cve-2022-39802-file-path-traversal-vulnerability-in-sap-manufacturing-execution/

Vulnerable Product

sap manufacturing execution 15.2

sap manufacturing execution 15.3

sap manufacturing execution 15.1

Github Repositories

3242933 – [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution

General information

Risk: CRITICAL
Versions Affected: SAP MFG EXECUTION CORE 151, SAP MFG EXECUTION CORE 152, SAP MFG EXECUTION CORE 153
Vendor URL: sapcom
Bug: File path traversal vulnerability
Reported: September 2022
Date of Publ