Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-28772

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

Published

2022-04-12T17:15:10.833

Last Modified

2024-11-21T06:57:54.167

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-121
  • Type: Primary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap netweaver 7.22ext Yes
Application sap netweaver 7.49 Yes
Application sap netweaver 7.53 Yes
Application sap netweaver 7.77 Yes
Application sap netweaver 7.81 Yes
Application sap netweaver 7.85 Yes
Application sap netweaver 7.86 Yes
Application sap netweaver kernel_7.22 Yes
Application sap netweaver krnl64nuc_7.22 Yes
Application sap netweaver krnl64uc_7.22 Yes
Application sap web_dispatcher 7.53 Yes
Application sap web_dispatcher 7.77 Yes
Application sap web_dispatcher 7.81 Yes
Application sap web_dispatcher 7.85 Yes
Application sap web_dispatcher 7.86 Yes
References