Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2022-39802

Published: 11/10/2022 Updated: 28/10/2022
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Subscribe to Manufacturing Execution

Vulnerability Summary

SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an malicious user to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap manufacturing execution 15.2

sap manufacturing execution 15.3

sap manufacturing execution 15.1

Github Repositories

CVE-2022-39802 SAP Manufacturing Execution - versions 151, 152, 153, allows an attacker to exploit insufficient validation of a file path request parameter The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server The file content within each directory can be read which may lead to information disclosure authentication c

3242933 – [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution General information Risk: CRITICAL Versions Affected: SAP MFG EXECUTION CORE 151 SAP MFG EXECUTION CORE 152 SAP MFG EXECUTION CORE 153 Vendor URL: sapcom Bug: File path traversal vulnerability Reported: September 2022 Date of Publ

CVE-2022-3980 An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 500 and 974 authentication complexity vector not available not available not available confidentiality integrity availability not available not available not available CVSS

References

CWE-22https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlhttps://launchpad.support.sap.com/#/notes/3242933http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.htmlhttps://github.com/Live-Hack-CVE/CVE-2022-39802https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
file inclusionCVE-2021-41144CVE-2022-34689CVE-2023-22242CVE-2023-22322XML injectionCVE-2022-39811CVE-2022-31711buffer overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook