CVE-2022-39802

Name of the Vulnerable Software and Affected Versions SAP Manufacturing Execution versions 15.1 through 15.3

Description The issue allows an attacker to exploit insufficient validation of a file path request parameter, enabling arbitrary traversal of directories on the remote server. This can lead to information disclosure as the file content within each directory can be read. The vulnerability is related to incorrect limitation of the directory path name with limited access, which may allow a remote attacker to gain unauthorized access to protected information.

Recommendations For SAP Manufacturing Execution versions 15.1 through 15.3, consider restricting access to sensitive directories and files to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable file path request parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.