CVE-2022-28772

Published Apr 12, 2022

Last updated 3 years ago

Overview

Description: By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.
Source: cna@sap.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-787
cna@sap.com: CWE-121

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver:7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71AFBCEC-649C-4389-85C2-6C245290E91A"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver:7.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7245DC9-CB62-477A-86B3-41CBBB878F3B"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver:7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77CA44BC-8650-4A20-A359-0FE568E1B345"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver:7.77:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95D831B3-1B5B-441F-8429-B6EC7161A7B5"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver:7.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D232796-B486-4C58-AD93-46D5948F1586"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver:7.85:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93AA0006-CEEC-4037-B1FC-3C4A7E0D1905"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver:7.86:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C269F298-5AB8-4AA1-911A-403F5EA62DEE"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver:kernel_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87AABA4D-7683-47B4-BAF7-22AA42E074D4"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver:krnl64nuc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D28A3C2-D601-405F-A17C-6A6EBE43DF31"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver:krnl64uc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA038239-63B2-4C31-8E74-EE053548621D"
          },
          {
            "criteria": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77"
          },
          {
            "criteria": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E33D9481-3CF6-4AA3-B115-7903AC6DAE25"
          },
          {
            "criteria": "cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49FF2A5B-E5F0-4991-9AA3-7CB3B8C62941"
          },
          {
            "criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2"
          },
          {
            "criteria": "cpe:2.3:a:sap:web_dispatcher:7.86:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "327A87AD-6635-4511-8505-F4418CD9D49C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References