7.5

CVE-2022-28772

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

Data is provided by the National Vulnerability Database (NVD)
SAPNetweaver Version7.22ext
SAPNetweaver Version7.49
SAPNetweaver Version7.53
SAPNetweaver Version7.77
SAPNetweaver Version7.81
SAPNetweaver Version7.85
SAPNetweaver Version7.86
SAPNetweaver Versionkernel_7.22
SAPNetweaver Versionkrnl64nuc_7.22
SAPNetweaver Versionkrnl64uc_7.22
SAPWeb Dispatcher Version7.53
SAPWeb Dispatcher Version7.77
SAPWeb Dispatcher Version7.81
SAPWeb Dispatcher Version7.85
SAPWeb Dispatcher Version7.86
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.14% 0.772
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://launchpad.support.sap.com/#/notes/3111311
Vendor Advisory
Permissions Required