CVE-2022-29612

Published Jun 14, 2022

Last updated 2 years ago

CVSS medium 4.3

Overview

Description: SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

cna@sap.com: CWE-918

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E135017-1492-49F5-B3ED-F69D5476FB46"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "816DBDA9-E4F1-476B-95B3-19758627E3A7"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B7DDF4E-F304-45E2-956B-7E6AA9EC03EA"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E640D6CD-A1BA-46C5-B652-0A65F6FF17E4"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F567192-ED9A-47B9-A386-0A83AB64948E"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AECEB43E-5E9C-4638-B7D8-29968AE1F4BB"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86C349D7-8F6C-42F4-9B8B-A7E0008FB3A5"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6606C14A-C9E6-4D4A-8E64-0699CBB15B93"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F8C12AA-5635-4E29-A443-2A43A6BB0439"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD5FA276-9557-4E36-A37F-4B2A09703DA3"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7679B78A-CF53-42FA-8A96-319F13B40A8F"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4673CFDB-C17D-437B-8FE8-F0EA5BA97831"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E415C122-70DF-478E-8493-4CF9E9AD934C"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA5A9939-C663-4B52-97DB-64D80B40FB5F"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA9452E7-8B06-4B3B-870A-2A92103CD9CC"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DCEFFCC-4529-4A75-A146-C28A4CA80DC3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References