CVE-2022-29612

Summary

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver, ABAP Platform and SAP Host AgentKERNEL 7.22affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host Agent7.49affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host Agent7.53affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host Agent7.77affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host Agent7.81affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host Agent7.85affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host Agent7.86affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host Agent7.87affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host Agent7.88affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host Agent8.04affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host AgentKRNL64NUC 7.22affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host Agent7.22EXTaffected
SAP SESAP NetWeaver, ABAP Platform and SAP Host AgentKRNL64UC 7.22affected
SAP SESAP NetWeaver, ABAP Platform and SAP Host AgentSAPHOSTAGENT 7.22affected

Weaknesses

  • CWE-918: CWE-918

ADP Enrichment

CVE Program Container

Additional References

References