CVE-2022-27668

Summary

Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver and ABAP PlatformKERNEL 7.49affected
SAP SESAP NetWeaver and ABAP Platform7.77affected
SAP SESAP NetWeaver and ABAP Platform7.81affected
SAP SESAP NetWeaver and ABAP Platform7.85affected
SAP SESAP NetWeaver and ABAP Platform7.86affected
SAP SESAP NetWeaver and ABAP Platform7.87affected
SAP SESAP NetWeaver and ABAP Platform7.88affected
SAP SESAP NetWeaver and ABAP PlatformKRNL64NUC 7.49affected
SAP SESAP NetWeaver and ABAP PlatformKRNL64UC 7.49affected
SAP SESAP NetWeaver and ABAP PlatformSAP_ROUTER 7.53affected
SAP SESAP NetWeaver and ABAP Platform7.22affected

Weaknesses

  • CWE-863: CWE-863

ADP Enrichment

CVE Program Container

Additional References

References