PT-2022-19221 · SAP · SAP Web Dispatcher +1
Published: 2022-04-12 · Updated: 2022-04-20 · CVE-2022-28772
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
SAP Web Dispatcher versions 7.53, 7.77, 7.81, 7.85, 7.86
Internet Communication Manager versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86
Description
The issue allows an attacker to overwrite the internal program stack by supplying overlong input values, which makes the programs unavailable and leads to denial of service.
Recommendations
For SAP Web Dispatcher versions 7.53, 7.77, 7.81, 7.85, 7.86, consider restricting input values to prevent overlong inputs until a patch is available.
For Internet Communication Manager versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, restrict input values to prevent overlong inputs until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Memory Corruption
Stack Overflow
Affected Products
Internet Communication Manager
SAP Web Dispatcher