ID CVE-2022-27657Type cveReporter cna@sap.comModified 2022-04-28T14:40:00
Description
A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.
{"id": "CVE-2022-27657", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-27657", "description": "A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.", "published": "2022-04-12T17:15:00", "modified": "2022-04-28T14:40:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 1.4}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27657", "reporter": "cna@sap.com", "references": ["https://launchpad.support.sap.com/#/notes/3159091", "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"], "cvelist": ["CVE-2022-27657"], "immutableFields": [], "lastseen": "2022-04-28T17:42:36", "viewCount": 11, "enchantments": {"vulnersScore": "PENDING"}, "_state": {}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:sap:focused_run:1.0"], "cpe23": ["cpe:2.3:a:sap:focused_run:1.0:*:*:*:*:*:*:*"], "cwe": ["CWE-22"], "affectedSoftware": [{"cpeName": "sap:focused_run", "version": "1.0", "operator": "eq", "name": "sap focused run"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:focused_run:1.0:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://launchpad.support.sap.com/#/notes/3159091", "name": "https://launchpad.support.sap.com/#/notes/3159091", "refsource": "MISC", "tags": ["Permissions Required", "Vendor Advisory"]}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "tags": ["Vendor Advisory"]}]}
{}
