CVE-2022-27657

{"id": "CVE-2022-27657", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2022-04-12T17:15:10.207", "references": [{"url": "http://packetstormsecurity.com/files/167563/SAP-FRUN-Simple-Diagnostics-Agent-1.0-Directory-Traversal.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@sap.com"}, {"url": "http://seclists.org/fulldisclosure/2022/Jun/41", "tags": ["Mailing List", "Third Party Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/3159091", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0."}, {"lang": "es", "value": "Un atacante remoto con altos privilegios, puede obtener acceso no autorizado para mostrar el contenido de directorios restringidos aprovechando la insuficiente comprobaci\u00f3n de la informaci\u00f3n de la ruta en SAP Focused Run (Simple Diagnostics Agent versi\u00f3n 1.0) - versi\u00f3n 1.0"}], "lastModified": "2023-02-01T14:36:15.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:focused_run:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66DFE7A3-04F1-449E-8437-9EC207F6C6AE"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}