PT-2022-19728 · Eclipse+1 · Eclipse+1
Published: 2022-06-14 · Updated: 2022-06-24 · CVE-2022-29615
CVSS v2.0: 3.6 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Developer Studio version 7.50
Description
The issue is related to the logging framework log4j in version 1.x, which is part of Eclipse and used by SAP NetWeaver Developer Studio. This could have a low impact on the application's confidentiality and integrity due to the vulnerabilities associated with log4j version 1.x.
Recommendations
For SAP NetWeaver Developer Studio version 7.50, consider updating the log4j component to a version that is not affected by the vulnerabilities. As a temporary workaround, restrict the use of the log4j logging framework until a patch is available.
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Eclipse
SAP NetWeaver Developer Studio