Lucene search
SapCVELIST:CVE-2022-27668HistoryJun 14, 2022 - 4:57 p.m.
CVE-2022-27668
2022-06-1416:57:29
CWE-863
sap
www.cve.org
Depending on the configuration of the route permission table in file ‘saprouttab’, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
CNA Affected
[
{
"product": "SAP NetWeaver and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "KERNEL 7.49"
},
{
"status": "affected",
"version": "7.77"
},
{
"status": "affected",
"version": "7.81"
},
{
"status": "affected",
"version": "7.85"
},
{
"status": "affected",
"version": "7.86"
},
{
"status": "affected",
"version": "7.87"
},
{
"status": "affected",
"version": "7.88"
},
{
"status": "affected",
"version": "KRNL64NUC 7.49"
},
{
"status": "affected",
"version": "KRNL64UC 7.49"
},
{
"status": "affected",
"version": "SAP_ROUTER 7.53"
},
{
"status": "affected",
"version": "7.22"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2022-06-14 17:15:00
nessus
nessus
SAP NetWeaver ABAP Improper Access Control (3158375)
2022-06-17 00:00:00
packetstorm
packetstorm
SAP SAProuter Improper Access Control
2022-09-16 00:00:00
cve
cve
CVE-2022-27668
2022-06-14 17:15:08
nvd
nvd
CVE-2022-27668
2022-06-14 17:15:08