Description
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/168716/SAP-Manufacturing-Execution-Core-15.3-Path-Traversal.html
Permissions Required, Vendor Advisory
https://launchpad.support.sap.com/#/notes/3242933
Scores
CVSS v3
7.5
EPSS
0.0374
EPSS Percentile
88.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (3)
sap/manufacturing_execution
15.1
sap/manufacturing_execution
15.2
sap/manufacturing_execution
15.3
Published
Oct 11, 2022
Tracked Since
Feb 18, 2026