CVE-2022-27657

Published: Apr 12, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.

Vendor	Product	Versions
SAP SE	SAP Focused Run (Simple Diagnostics Agent)	affected `1.0`

Weaknesses (CWE)

CWE-22

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3159091

x_refsource_MISC

20220621 Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/167563/SAP-FRUN-Simple-Diagnostics-Agent-1.0-Directory-Traversal.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-27657

Description

Affected Products

Weaknesses (CWE)

References