PT-2022-3187 · Sap · Krnl64Uc+4

Fabian Hagg · Published 2022-03-23 · Updated 2022-10-27

CVE-2022-27668 · CVSS v3.1 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver and ABAP Platform versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP ROUTER 7.53, 7.22

Description: The vulnerability stems from authorization errors in the saprouttab file (the SAProuter route permission table), which can allow an unauthenticated remote attacker to execute SAProuter administration commands. This could severely impact system availability, for example by stopping the SAProuter.

Recommendations: For versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, consider restricting access to the saprouttab file to prevent unauthorized modifications. For versions KRNL64NUC 7.49 and KRNL64UC 7.49, review the configuration of the route permission table to ensure proper authorization. For versions SAP ROUTER 7.53 and 7.22, limit remote access to SAProuter administration commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Incorrect Authorization

Related Identifiers

BDU:2022-03868
CVE-2022-27668

Affected Products

Abap Platform
Kernel
Krnl64Uc
Sap Netweaver
Saprouter