Lucene search

[email protected]CVE-2022-29616

HistoryMay 11, 2022 - 4:15 p.m.

CVE-2022-29616

2022-05-1116:15:09

CWE-787

[email protected]

web.nvd.nist.gov

sap

host agent

netweaver

abap platform

cve-2022-29616

memory corruption

vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

36.6%

JSON

SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.

Affected configurations

NVD

Node

sapnetweaver_as_abap_kernelMatch7.22

sapnetweaver_as_abap_kernelMatch7.49

sapnetweaver_as_abap_kernelMatch7.53

sapnetweaver_as_abap_kernelMatch7.77

sapnetweaver_as_abap_kernelMatch7.81

sapnetweaver_as_abap_kernelMatch7.85

sapnetweaver_as_abap_kernelMatch7.86

sapnetweaver_as_abap_kernelMatch7.87

sapnetweaver_as_abap_kernelMatch8.04

sapnetweaver_as_abap_krnl64nucMatch7.22

sapnetweaver_as_abap_krnl64nucMatch7.22ext

sapnetweaver_as_abap_krnl64nucMatch7.49

sapnetweaver_as_abap_krnl64ucMatch7.22

sapnetweaver_as_abap_krnl64ucMatch7.22ext

sapnetweaver_as_abap_krnl64ucMatch7.49

sapnetweaver_as_abap_krnl64ucMatch7.53

sapnetweaver_as_abap_krnl64ucMatch8.04

CPENameOperatorVersion
sap:netweaver_as_abap_kernelsap netweaver as abap kerneleq7.22
sap:netweaver_as_abap_kernelsap netweaver as abap kerneleq7.49
sap:netweaver_as_abap_kernelsap netweaver as abap kerneleq7.53
sap:netweaver_as_abap_kernelsap netweaver as abap kerneleq7.77
sap:netweaver_as_abap_kernelsap netweaver as abap kerneleq7.81
sap:netweaver_as_abap_kernelsap netweaver as abap kerneleq7.85
sap:netweaver_as_abap_kernelsap netweaver as abap kerneleq7.86
sap:netweaver_as_abap_kernelsap netweaver as abap kerneleq7.87
sap:netweaver_as_abap_kernelsap netweaver as abap kerneleq8.04
sap:netweaver_as_abap_krnl64nucsap netweaver as abap krnl64nuceq7.22

CPE	Name	Operator	Version
sap:netweaver_as_abap_kernel	sap netweaver as abap kernel	eq	7.22
sap:netweaver_as_abap_kernel	sap netweaver as abap kernel	eq	7.49
sap:netweaver_as_abap_kernel	sap netweaver as abap kernel	eq	7.53
sap:netweaver_as_abap_kernel	sap netweaver as abap kernel	eq	7.77
sap:netweaver_as_abap_kernel	sap netweaver as abap kernel	eq	7.81
sap:netweaver_as_abap_kernel	sap netweaver as abap kernel	eq	7.85
sap:netweaver_as_abap_kernel	sap netweaver as abap kernel	eq	7.86
sap:netweaver_as_abap_kernel	sap netweaver as abap kernel	eq	7.87
sap:netweaver_as_abap_kernel	sap netweaver as abap kernel	eq	8.04
sap:netweaver_as_abap_krnl64nuc	sap netweaver as abap krnl64nuc	eq	7.22

Rows per page:

1-10 of 171

CNA Affected

[
  {
    "product": "SAP NetWeaver and ABAP Platform",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22"
      },
      {
        "status": "affected",
        "version": "7.22EXT"
      },
      {
        "status": "affected",
        "version": "7.49"
      },
      {
        "status": "affected",
        "version": "KRNL64UC 8.04"
      },
      {
        "status": "affected",
        "version": "7.22"
      },
      {
        "status": "affected",
        "version": "7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.22"
      },
      {
        "status": "affected",
        "version": "8.04"
      },
      {
        "status": "affected",
        "version": "7.77"
      },
      {
        "status": "affected",
        "version": "7.81"
      },
      {
        "status": "affected",
        "version": "7.85"
      },
      {
        "status": "affected",
        "version": "7.86"
      },
      {
        "status": "affected",
        "version": "7.87"
      },
      {
        "status": "affected",
        "version": "7.88"
      }
    ]
  },
  {
    "product": "SAP Host Agent",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.22"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3145702

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

36.6%

JSON

Related for CVE-2022-29616

cvelist1 prion1 nessus1 nvd1