Overview
- Description
- SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.
- Source
- cna@sap.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Weaknesses
- cna@sap.com
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:manufacturing_execution:15.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23297FB8-B4A8-4E84-80EE-67907C249A70"
},
{
"criteria": "cpe:2.3:a:sap:manufacturing_execution:15.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87614D9A-544B-42FE-9C58-5389E3716240"
},
{
"criteria": "cpe:2.3:a:sap:manufacturing_execution:15.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7FC9087-C677-4AD0-8A06-93FC19E06409"
}
],
"operator": "OR"
}
]
}
]