CVE-2022-28772

Summary

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver (Internet Communication Manager)KRNL64NUC 7.22affected
SAP SESAP NetWeaver (Internet Communication Manager)7.22EXTaffected
SAP SESAP NetWeaver (Internet Communication Manager)7.49affected
SAP SESAP NetWeaver (Internet Communication Manager)KRNL64UC 7.22affected
SAP SESAP NetWeaver (Internet Communication Manager)7.53affected
SAP SESAP NetWeaver (Internet Communication Manager)KERNEL 7.22affected
SAP SESAP NetWeaver (Internet Communication Manager)7.77affected
SAP SESAP NetWeaver (Internet Communication Manager)7.81affected
SAP SESAP NetWeaver (Internet Communication Manager)7.85affected
SAP SESAP NetWeaver (Internet Communication Manager)7.86affected
SAP SESAP Web Dispatcher7.53affected
SAP SESAP Web Dispatcher7.77affected
SAP SESAP Web Dispatcher7.81affected
SAP SESAP Web Dispatcher7.85affected
SAP SESAP Web Dispatcher7.86affected

Weaknesses

  • CWE-121: CWE-121

ADP Enrichment

CVE Program Container

Additional References

References