Lucene search

[email protected]CVE-2022-28772

HistoryApr 12, 2022 - 5:15 p.m.

CVE-2022-28772

2022-04-1217:15:10

CWE-787

CWE-121

[email protected]

web.nvd.nist.gov

cve-2022-28772

sap

web dispatcher

internet communication manager

denial of service

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

JSON

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

Affected configurations

NVD

Node

sapnetweaverMatch7.22ext

sapnetweaverMatch7.49

sapnetweaverMatch7.53

sapnetweaverMatch7.77

sapnetweaverMatch7.81

sapnetweaverMatch7.85

sapnetweaverMatch7.86

sapnetweaverMatchkernel_7.22

sapnetweaverMatchkrnl64nuc_7.22

sapnetweaverMatchkrnl64uc_7.22

sapweb_dispatcherMatch7.53

sapweb_dispatcherMatch7.77

sapweb_dispatcherMatch7.81

sapweb_dispatcherMatch7.85

sapweb_dispatcherMatch7.86

CPENameOperatorVersion
sap:netweaversap netweavereq7.22ext
sap:netweaversap netweavereq7.49
sap:netweaversap netweavereq7.53
sap:netweaversap netweavereq7.77
sap:netweaversap netweavereq7.81
sap:netweaversap netweavereq7.85
sap:netweaversap netweavereq7.86
sap:netweaversap netweavereqkernel_7.22
sap:netweaversap netweavereqkrnl64nuc_7.22
sap:netweaversap netweavereqkrnl64uc_7.22

CPE	Name	Operator	Version
sap:netweaver	sap netweaver	eq	7.22ext
sap:netweaver	sap netweaver	eq	7.49
sap:netweaver	sap netweaver	eq	7.53
sap:netweaver	sap netweaver	eq	7.77
sap:netweaver	sap netweaver	eq	7.81
sap:netweaver	sap netweaver	eq	7.85
sap:netweaver	sap netweaver	eq	7.86
sap:netweaver	sap netweaver	eq	kernel_7.22
sap:netweaver	sap netweaver	eq	krnl64nuc_7.22
sap:netweaver	sap netweaver	eq	krnl64uc_7.22

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "product": "SAP NetWeaver (Internet Communication Manager)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22"
      },
      {
        "status": "affected",
        "version": "7.22EXT"
      },
      {
        "status": "affected",
        "version": "7.49"
      },
      {
        "status": "affected",
        "version": "KRNL64UC 7.22"
      },
      {
        "status": "affected",
        "version": "7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.22"
      },
      {
        "status": "affected",
        "version": "7.77"
      },
      {
        "status": "affected",
        "version": "7.81"
      },
      {
        "status": "affected",
        "version": "7.85"
      },
      {
        "status": "affected",
        "version": "7.86"
      }
    ]
  },
  {
    "product": "SAP Web Dispatcher",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.53"
      },
      {
        "status": "affected",
        "version": "7.77"
      },
      {
        "status": "affected",
        "version": "7.81"
      },
      {
        "status": "affected",
        "version": "7.85"
      },
      {
        "status": "affected",
        "version": "7.86"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3111311

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

JSON

Related for CVE-2022-28772

nvd1 prion1 cvelist1