CVE-2022-28772
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
12/04/2022
Last modified:
20/04/2022
Description
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:sap:netweaver:7.22ext:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver:7.49:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver:7.53:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver:7.77:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver:7.81:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver:7.85:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver:7.86:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver:kernel_7.22:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver:krnl64nuc_7.22:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver:krnl64uc_7.22:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:web_dispatcher:7.86:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page