← Back

CVE-2022-28772

nvd nist
Published: Apr 12, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

Affected (15)

Sap
2 products
Netweaver
Web Dispatcher
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver
Version 7.22ext
Netweaver
Version 7.49
Netweaver
Version 7.53
Netweaver
Version 7.77
Netweaver
Version 7.81
Netweaver
Version 7.85
Netweaver
Version 7.86
Netweaver
Version kernel_7.22
Netweaver
Version krnl64nuc_7.22
Netweaver
Version krnl64uc_7.22
Sap
Web Dispatcher
Version 7.53
Web Dispatcher
Version 7.77
Web Dispatcher
Version 7.81
Web Dispatcher
Version 7.85
Web Dispatcher
Version 7.86

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.