Vulnerability-Lookup

CVE-2022-28772 (GCVE-0-2022-28772)

Vulnerability from cvelistv5 – Published: 2022-04-12 16:11 – Updated: 2024-08-03 06:03

Summary

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-121

Assigner

sap

References

2 references

URL	Tags
https://www.sap.com/documents/2022/02/fa865ea4-16…	x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3111311	x_refsource_MISC

Impacted products

2 products

Vendor	Product	Version
SAP SE	SAP NetWeaver (Internet Communication Manager)	Affected: KRNL64NUC 7.22 Affected: 7.22EXT Affected: 7.49 Affected: KRNL64UC 7.22 Affected: 7.53 Affected: KERNEL 7.22 Affected: 7.77 Affected: 7.81 Affected: 7.85 Affected: 7.86
SAP SE	SAP Web Dispatcher	Affected: 7.53 Affected: 7.77 Affected: 7.81 Affected: 7.85 Affected: 7.86

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:03:52.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3111311"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver (Internet Communication Manager)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "KRNL64NUC 7.22"
            },
            {
              "status": "affected",
              "version": "7.22EXT"
            },
            {
              "status": "affected",
              "version": "7.49"
            },
            {
              "status": "affected",
              "version": "KRNL64UC 7.22"
            },
            {
              "status": "affected",
              "version": "7.53"
            },
            {
              "status": "affected",
              "version": "KERNEL 7.22"
            },
            {
              "status": "affected",
              "version": "7.77"
            },
            {
              "status": "affected",
              "version": "7.81"
            },
            {
              "status": "affected",
              "version": "7.85"
            },
            {
              "status": "affected",
              "version": "7.86"
            }
          ]
        },
        {
          "product": "SAP Web Dispatcher",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "7.53"
            },
            {
              "status": "affected",
              "version": "7.77"
            },
            {
              "status": "affected",
              "version": "7.81"
            },
            {
              "status": "affected",
              "version": "7.85"
            },
            {
              "status": "affected",
              "version": "7.86"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-12T16:11:32.000Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3111311"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2022-28772",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver (Internet Communication Manager)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "KRNL64NUC 7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22EXT"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "KRNL64UC 7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22EXT"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.53"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "KERNEL 7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.53"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.77"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.81"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.85"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.86"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP Web Dispatcher",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "7.53"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.77"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.81"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.85"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.86"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "null",
            "vectorString": "null",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
              "refsource": "MISC",
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/3111311",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3111311"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2022-28772",
    "datePublished": "2022-04-12T16:11:32.000Z",
    "dateReserved": "2022-04-06T00:00:00.000Z",
    "dateUpdated": "2024-08-03T06:03:52.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-28772",
      "date": "2026-06-01",
      "epss": "0.01139",
      "percentile": "0.78706"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.22ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71AFBCEC-649C-4389-85C2-6C245290E91A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7245DC9-CB62-477A-86B3-41CBBB878F3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77CA44BC-8650-4A20-A359-0FE568E1B345\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.77:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95D831B3-1B5B-441F-8429-B6EC7161A7B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.81:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D232796-B486-4C58-AD93-46D5948F1586\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.85:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93AA0006-CEEC-4037-B1FC-3C4A7E0D1905\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.86:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C269F298-5AB8-4AA1-911A-403F5EA62DEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:kernel_7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87AABA4D-7683-47B4-BAF7-22AA42E074D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:krnl64nuc_7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D28A3C2-D601-405F-A17C-6A6EBE43DF31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:krnl64uc_7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA038239-63B2-4C31-8E74-EE053548621D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47D4D542-2EC2-490B-B4E9-3E7BB8D59B77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E33D9481-3CF6-4AA3-B115-7903AC6DAE25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49FF2A5B-E5F0-4991-9AA3-7CB3B8C62941\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F74EE4D5-E968-4851-89E6-4152F64930F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:web_dispatcher:7.86:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"327A87AD-6635-4511-8505-F4418CD9D49C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.\"}, {\"lang\": \"es\", \"value\": \"Mediante valores de entrada demasiado largos, un atacante puede forzar la sobreescritura de la pila interna del programa en SAP Web Dispatcher - versiones 7.53, 7.77, 7.81, 7.85, 7.86, o Internet Communication Manager - versiones KRNL64NUC 7. 22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, lo que hace que estos programas no est\\u00e9n disponibles, conllevando a una denegaci\\u00f3n de servicio\"}]",
      "id": "CVE-2022-28772",
      "lastModified": "2024-11-21T06:57:54.167",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-04-12T17:15:10.833",
      "references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/3111311\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/3111311\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cna@sap.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-121\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-28772\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2022-04-12T17:15:10.833\",\"lastModified\":\"2024-11-21T06:57:54.167\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.\"},{\"lang\":\"es\",\"value\":\"Mediante valores de entrada demasiado largos, un atacante puede forzar la sobreescritura de la pila interna del programa en SAP Web Dispatcher - versiones 7.53, 7.77, 7.81, 7.85, 7.86, o Internet Communication Manager - versiones KRNL64NUC 7. 22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, lo que hace que estos programas no est\u00e9n disponibles, conllevando a una denegaci\u00f3n de servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71AFBCEC-649C-4389-85C2-6C245290E91A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7245DC9-CB62-477A-86B3-41CBBB878F3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77CA44BC-8650-4A20-A359-0FE568E1B345\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.77:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D831B3-1B5B-441F-8429-B6EC7161A7B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.81:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D232796-B486-4C58-AD93-46D5948F1586\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.85:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93AA0006-CEEC-4037-B1FC-3C4A7E0D1905\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.86:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C269F298-5AB8-4AA1-911A-403F5EA62DEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:kernel_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87AABA4D-7683-47B4-BAF7-22AA42E074D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:krnl64nuc_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D28A3C2-D601-405F-A17C-6A6EBE43DF31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:krnl64uc_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA038239-63B2-4C31-8E74-EE053548621D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47D4D542-2EC2-490B-B4E9-3E7BB8D59B77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33D9481-3CF6-4AA3-B115-7903AC6DAE25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49FF2A5B-E5F0-4991-9AA3-7CB3B8C62941\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F74EE4D5-E968-4851-89E6-4152F64930F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:web_dispatcher:7.86:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"327A87AD-6635-4511-8505-F4418CD9D49C\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/3111311\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3111311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2022-AVI-345

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	NetWeaver Application Server pour ABAP	SAP NetWeaver Application Server pour ABAP (Kernel) et ABAP Platform (Kernel) versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49
SAP	NetWeaver Application Server ABAP et ABAP Platform	SAP NetWeaver Application Server ABAP et ABAP Platform versions 700, 710, 711, 730, 731, 740 et 750-756
SAP	N/A	SAP Web Dispatcher versions 7.22, 7.49, 7.53, 7.77, 7.81 et 7.83
SAP	N/A	SAPS/4HANA(Supplier Factsheet et Enterprise Search pour Business Partner, Supplier et Customer) versions 104, 105 et 106
SAP	N/A	SAP Content Server version 7.53
SAP	N/A	SAP SQL Anywhere Server version 17.0
SAP	N/A	SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86 et 7.87
SAP	N/A	SAPUI5, versions 750, 753, 754, 755, 756 et 200
SAP	N/A	SAP Manufacturing Integration et Intelligence versions 15.1, 15.2, 15.3 et 15.4
SAP	N/A	SAP Powerdesigner Web Portal version 16.7
SAP	N/A	SAP Customer Checkout_SVR version 2.0
SAP	N/A	SAP NetWeaver (Internet Communication Manager versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85 et 7.86
SAP	N/A	SAP Business Client version 6.5
SAP	N/A	SAP NetWeaver Application Server pour Java Version 7.50
SAP	N/A	SAP Customer Checkout version 2.0
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence Platform versions 420 et 430
SAP	N/A	SAP Focused Run (Simple Diagnostics Agent) version 1.0
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9
SAP	NetWeaver Enterprise Portal	SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP Fiori Launchpad versions 54, 755 et 756
SAP	N/A	SAP NetWeaver (EP Web Page Composer) versions 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP Web Dispatcher versions 7.53, 7.77, 7.81, 7.85 et 7.86
SAP	N/A	SAP Commerce versions 905, 2005, 2105 et 2011
SAP	N/A	SAP Innovation Management version 2
SAP	N/A	SAP BusinessObjects Enterprise (Central Management Server) versions 420 et 430
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence Platform (BI Workspace) version 420
SAP	NetWeaver et ABAP	SAP NetWeaver et ABAP Platform versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49
SAP	N/A	SAPUI5 (vbm library) versions 750, 753, 754, 755 et 756
SAP	N/A	SAP NetWeaver Application Server Java versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 et 7.53
SAP	N/A	SAP NetWeaver (Internet Communication Manager) versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85 et 7.86
SAP	N/A	SAP HANA Extended Application Services version 1
SAP	N/A	SAP NetWeaver ABAP Server et ABAP Platform versions 740, 750 et 787

References

Title

Publication Time

CERTFR-2022-AVI-345

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	NetWeaver Application Server pour ABAP	SAP NetWeaver Application Server pour ABAP (Kernel) et ABAP Platform (Kernel) versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49
SAP	NetWeaver Application Server ABAP et ABAP Platform	SAP NetWeaver Application Server ABAP et ABAP Platform versions 700, 710, 711, 730, 731, 740 et 750-756
SAP	N/A	SAP Web Dispatcher versions 7.22, 7.49, 7.53, 7.77, 7.81 et 7.83
SAP	N/A	SAPS/4HANA(Supplier Factsheet et Enterprise Search pour Business Partner, Supplier et Customer) versions 104, 105 et 106
SAP	N/A	SAP Content Server version 7.53
SAP	N/A	SAP SQL Anywhere Server version 17.0
SAP	N/A	SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86 et 7.87
SAP	N/A	SAPUI5, versions 750, 753, 754, 755, 756 et 200
SAP	N/A	SAP Manufacturing Integration et Intelligence versions 15.1, 15.2, 15.3 et 15.4
SAP	N/A	SAP Powerdesigner Web Portal version 16.7
SAP	N/A	SAP Customer Checkout_SVR version 2.0
SAP	N/A	SAP NetWeaver (Internet Communication Manager versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85 et 7.86
SAP	N/A	SAP Business Client version 6.5
SAP	N/A	SAP NetWeaver Application Server pour Java Version 7.50
SAP	N/A	SAP Customer Checkout version 2.0
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence Platform versions 420 et 430
SAP	N/A	SAP Focused Run (Simple Diagnostics Agent) version 1.0
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9
SAP	NetWeaver Enterprise Portal	SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP Fiori Launchpad versions 54, 755 et 756
SAP	N/A	SAP NetWeaver (EP Web Page Composer) versions 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP Web Dispatcher versions 7.53, 7.77, 7.81, 7.85 et 7.86
SAP	N/A	SAP Commerce versions 905, 2005, 2105 et 2011
SAP	N/A	SAP Innovation Management version 2
SAP	N/A	SAP BusinessObjects Enterprise (Central Management Server) versions 420 et 430
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence Platform (BI Workspace) version 420
SAP	NetWeaver et ABAP	SAP NetWeaver et ABAP Platform versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49
SAP	N/A	SAPUI5 (vbm library) versions 750, 753, 754, 755 et 756
SAP	N/A	SAP NetWeaver Application Server Java versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 et 7.53
SAP	N/A	SAP NetWeaver (Internet Communication Manager) versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85 et 7.86
SAP	N/A	SAP HANA Extended Application Services version 1
SAP	N/A	SAP NetWeaver ABAP Server et ABAP Platform versions 740, 750 et 787

References

Title

Publication Time

CNVD-2022-41302

Vulnerability from cnvd - Published: 2022-05-27

Title

SAP Web Dispatcher和Internet Communication Manager缓冲区溢出漏洞

Description

SAP Web dispatcher和SAP Internet Communication Manager（SAP ICM）都是德国思爱普（SAP）公司的产品。SAP Web dispatcher是Load Balancing 的核心组件，支持负载均衡，提供反向代理的功能，使得外网用户可以访问到内部应用。SAP Internet Communication Manager是一个SAP NetWeaver应用程序服务器的组件。用于接收和发送Web请求（HTTP、HTTPS、SMTP）。 SAP Web Dispatcher和Internet Communication Manage存在缓冲区溢出漏洞，该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界。攻击者可利用该漏洞导致程序拒绝服务。

Severity

中

Patch Name

SAP Web Dispatcher和Internet Communication Manager缓冲区溢出漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://launchpad.support.sap.com/#/notes/3111311

Reference

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Impacted products

Name
['SAP Internet Communication Manager 7.22EXT', 'SAP Internet Communication Manager 7.49', 'SAP Internet Communication Manager 7.53', 'SAP Internet Communication Manager 7.77', 'SAP Internet Communication Manager 7.81', 'SAP Web Dispatcher 7.53', 'SAP Web Dispatcher 7.77', 'SAP Web Dispatcher 7.81', 'SAP Web Dispatcher 7.85', 'SAP Web Dispatcher 7.86', 'SAP Internet Communication Manager KRNL64NUC 7.22', 'SAP Internet Communication Manager KRNL64UC 7.22', 'SAP Internet Communication Manager KERNEL 7.22', 'SAP Internet Communication Manager 7.85', 'SAP Internet Communication Manager 7.86']

Name

['SAP Internet Communication Manager 7.22EXT', 'SAP Internet Communication Manager 7.49', 'SAP Internet Communication Manager 7.53', 'SAP Internet Communication Manager 7.77', 'SAP Internet Communication Manager 7.81', 'SAP Web Dispatcher 7.53', 'SAP Web Dispatcher 7.77', 'SAP Web Dispatcher 7.81', 'SAP Web Dispatcher 7.85', 'SAP Web Dispatcher 7.86', 'SAP Internet Communication Manager KRNL64NUC 7.22', 'SAP Internet Communication Manager KRNL64UC 7.22', 'SAP Internet Communication Manager KERNEL 7.22', 'SAP Internet Communication Manager 7.85', 'SAP Internet Communication Manager 7.86']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-28772",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-28772"
    }
  },
  "description": "SAP Web dispatcher\u548cSAP Internet Communication Manager\uff08SAP ICM\uff09\u90fd\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SAP Web dispatcher\u662fLoad Balancing \u7684\u6838\u5fc3\u7ec4\u4ef6\uff0c\u652f\u6301\u8d1f\u8f7d\u5747\u8861\uff0c\u63d0\u4f9b\u53cd\u5411\u4ee3\u7406\u7684\u529f\u80fd\uff0c\u4f7f\u5f97\u5916\u7f51\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u5230\u5185\u90e8\u5e94\u7528\u3002SAP Internet Communication Manager\u662f\u4e00\u4e2aSAP NetWeaver\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u7684\u7ec4\u4ef6\u3002\u7528\u4e8e\u63a5\u6536\u548c\u53d1\u9001Web\u8bf7\u6c42\uff08HTTP\u3001HTTPS\u3001SMTP\uff09\u3002\n\nSAP Web Dispatcher\u548cInternet Communication Manage\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7a0b\u5e8f\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://launchpad.support.sap.com/#/notes/3111311",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-41302",
  "openTime": "2022-05-27",
  "patchDescription": "SAP Web dispatcher\u548cSAP Internet Communication Manager\uff08SAP ICM\uff09\u90fd\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SAP Web dispatcher\u662fLoad Balancing \u7684\u6838\u5fc3\u7ec4\u4ef6\uff0c\u652f\u6301\u8d1f\u8f7d\u5747\u8861\uff0c\u63d0\u4f9b\u53cd\u5411\u4ee3\u7406\u7684\u529f\u80fd\uff0c\u4f7f\u5f97\u5916\u7f51\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u5230\u5185\u90e8\u5e94\u7528\u3002SAP Internet Communication Manager\u662f\u4e00\u4e2aSAP NetWeaver\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u7684\u7ec4\u4ef6\u3002\u7528\u4e8e\u63a5\u6536\u548c\u53d1\u9001Web\u8bf7\u6c42\uff08HTTP\u3001HTTPS\u3001SMTP\uff09\u3002\r\n\r\nSAP Web Dispatcher\u548cInternet Communication Manage\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7a0b\u5e8f\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Web Dispatcher\u548cInternet Communication Manager\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP Internet Communication Manager 7.22EXT",
      "SAP Internet Communication Manager 7.49",
      "SAP Internet Communication Manager 7.53",
      "SAP Internet Communication Manager 7.77",
      "SAP Internet Communication Manager 7.81",
      "SAP Web Dispatcher 7.53",
      "SAP Web Dispatcher 7.77",
      "SAP Web Dispatcher 7.81",
      "SAP Web Dispatcher 7.85",
      "SAP Web Dispatcher 7.86",
      "SAP Internet Communication Manager KRNL64NUC 7.22",
      "SAP Internet Communication Manager KRNL64UC 7.22",
      "SAP Internet Communication Manager KERNEL 7.22",
      "SAP Internet Communication Manager 7.85",
      "SAP Internet Communication Manager 7.86"
    ]
  },
  "referenceLink": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
  "serverity": "\u4e2d",
  "submitTime": "2022-04-15",
  "title": "SAP Web Dispatcher\u548cInternet Communication Manager\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

FKIE_CVE-2022-28772

Vulnerability from fkie_nvd - Published: 2022-04-12 17:15 - Updated: 2024-11-21 06:57

Severity

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cna@sap.com	https://launchpad.support.sap.com/#/notes/3111311	Permissions Required, Vendor Advisory
cna@sap.com	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/3111311	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	netweaver	7.22ext
sap	netweaver	7.49
sap	netweaver	7.53
sap	netweaver	7.77
sap	netweaver	7.81
sap	netweaver	7.85
sap	netweaver	7.86
sap	netweaver	kernel_7.22
sap	netweaver	krnl64nuc_7.22
sap	netweaver	krnl64uc_7.22
sap	web_dispatcher	7.53
sap	web_dispatcher	7.77
sap	web_dispatcher	7.81
sap	web_dispatcher	7.85
sap	web_dispatcher	7.86

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.22ext:*:*:*:*:*:*:*",
              "matchCriteriaId": "71AFBCEC-649C-4389-85C2-6C245290E91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7245DC9-CB62-477A-86B3-41CBBB878F3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "77CA44BC-8650-4A20-A359-0FE568E1B345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D831B3-1B5B-441F-8429-B6EC7161A7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D232796-B486-4C58-AD93-46D5948F1586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "93AA0006-CEEC-4037-B1FC-3C4A7E0D1905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "C269F298-5AB8-4AA1-911A-403F5EA62DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:kernel_7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "87AABA4D-7683-47B4-BAF7-22AA42E074D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:krnl64nuc_7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D28A3C2-D601-405F-A17C-6A6EBE43DF31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:krnl64uc_7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA038239-63B2-4C31-8E74-EE053548621D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33D9481-3CF6-4AA3-B115-7903AC6DAE25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF2A5B-E5F0-4991-9AA3-7CB3B8C62941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "327A87AD-6635-4511-8505-F4418CD9D49C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service."
    },
    {
      "lang": "es",
      "value": "Mediante valores de entrada demasiado largos, un atacante puede forzar la sobreescritura de la pila interna del programa en SAP Web Dispatcher - versiones 7.53, 7.77, 7.81, 7.85, 7.86, o Internet Communication Manager - versiones KRNL64NUC 7. 22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, lo que hace que estos programas no est\u00e9n disponibles, conllevando a una denegaci\u00f3n de servicio"
    }
  ],
  "id": "CVE-2022-28772",
  "lastModified": "2024-11-21T06:57:54.167",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-12T17:15:10.833",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3111311"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3111311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "cna@sap.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-22XF-VH82-92XW

Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-21 00:00

Details

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-28772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-12T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.",
  "id": "GHSA-22xf-vh82-92xw",
  "modified": "2022-04-21T00:00:51Z",
  "published": "2022-04-13T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28772"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3111311"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-28772

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-28772

Aliases

CVE-2022-28772

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-28772",
    "description": "By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.",
    "id": "GSD-2022-28772"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-28772"
      ],
      "details": "By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.",
      "id": "GSD-2022-28772",
      "modified": "2023-12-13T01:19:34.859807Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2022-28772",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP NetWeaver (Internet Communication Manager)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "KRNL64NUC 7.22"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.22EXT"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.49"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KRNL64UC 7.22"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.22EXT"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.49"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.53"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL 7.22"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.49"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.53"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.77"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.81"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.85"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.86"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SAP Web Dispatcher",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "7.53"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.77"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.81"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.85"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.86"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "null",
          "vectorString": "null",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-121"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
            "refsource": "MISC",
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/3111311",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/3111311"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.22ext:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.77:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.81:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.86:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:kernel_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:krnl64nuc_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:krnl64uc_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.86:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2022-28772"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/3111311",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3111311"
            },
            {
              "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-04-20T14:24Z",
      "publishedDate": "2022-04-12T17:15Z"
    }
  }
}

VAR-202204-1641

Vulnerability from variot - Updated: 2023-12-18 12:26

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1641",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "krnl64uc_7.22"
      },
      {
        "model": "web dispatcher",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.85"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.81"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.85"
      },
      {
        "model": "web dispatcher",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.53"
      },
      {
        "model": "web dispatcher",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.77"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.49"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.53"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "krnl64nuc_7.22"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.77"
      },
      {
        "model": "web dispatcher",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.86"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.86"
      },
      {
        "model": "web dispatcher",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.81"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "kernel_7.22"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.22ext"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-28772"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.22ext:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.77:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.81:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.86:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:kernel_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:krnl64nuc_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:krnl64uc_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.86:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-28772"
      }
    ]
  },
  "cve": "CVE-2022-28772",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-28772",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-28772",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202204-3155",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-28772",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-28772"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-28772"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3155"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-28772"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-28772"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-28772",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3155",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-28772",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-28772"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-28772"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3155"
      }
    ]
  },
  "id": "VAR-202204-1641",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.27111164
  },
  "last_update_date": "2023-12-18T12:26:14.959000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAP Web Dispatcher Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190239"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3155"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-28772"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://launchpad.support.sap.com/#/notes/3111311"
      },
      {
        "trust": 1.7,
        "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-28772/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-de-decembre-2021-38045"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-28772"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-28772"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3155"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-28772"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-28772"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3155"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-28772"
      },
      {
        "date": "2022-04-12T17:15:10.833000",
        "db": "NVD",
        "id": "CVE-2022-28772"
      },
      {
        "date": "2022-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-3155"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-28772"
      },
      {
        "date": "2022-04-20T14:24:08.470000",
        "db": "NVD",
        "id": "CVE-2022-28772"
      },
      {
        "date": "2022-04-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-3155"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3155"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP Web Dispatcher Buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3155"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3155"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-28772 (GCVE-0-2022-28772)

CERTFR-2022-AVI-345

Solution

CERTFR-2022-AVI-345

Solution

CNVD-2022-41302

FKIE_CVE-2022-28772

GHSA-22XF-VH82-92XW

GSD-2022-28772

VAR-202204-1641

Tags

Sightings

Nomenclature