7.5
CVSSv3

CVE-2022-39802

Published: 11/10/2022 Updated: 28/10/2022
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

Vulnerability Summary

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an malicious user to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap manufacturing execution 15.2

sap manufacturing execution 15.3

sap manufacturing execution 15.1

Github Repositories

CVE-2022-39802 SAP Manufacturing Execution - versions 151, 152, 153, allows an attacker to exploit insufficient validation of a file path request parameter The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server The file content within each directory can be read which may lead to information disclosure authentication c

3242933 – [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution General information Risk: CRITICAL Versions Affected: SAP MFG EXECUTION CORE 151 SAP MFG EXECUTION CORE 152 SAP MFG EXECUTION CORE 153 Vendor URL: sapcom Bug: File path traversal vulnerability Reported: September 2022 Date of Publ

CVE-2022-3980 An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 500 and 974 authentication complexity vector not available not available not available confidentiality integrity availability not available not available not available CVSS