CVE-2022-28772

Severity CVSS v4.0:
Pending analysis
Type:
CWE-787 Out-of-bounds Write
Publication date:
12/04/2022
Last modified:
20/04/2022

Description

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:sap:netweaver:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.86:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:kernel_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:krnl64nuc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:krnl64uc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.86:*:*:*:*:*:*:*