Sign-up

ID

VAR-202204-0880


CVE

CVE-2022-28773


TITLE

SAP Web Dispatcher and SAP Internet Communication Manager Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3154

DESCRIPTION

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically

Trust: 0.99

sources: NVD: CVE-2022-28773 // VULMON: CVE-2022-28773

AFFECTED PRODUCTS

vendor:sapmodel:netweaverscope:eqversion:7.22ext

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:krnl64nuc_7.22

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:7.86

Trust: 1.0

vendor:sapmodel:web dispatcherscope:eqversion:7.86

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:7.49

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:krnl64uc_7.22

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:7.53

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:7.81

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:kernel_7.22

Trust: 1.0

vendor:sapmodel:web dispatcherscope:eqversion:7.53

Trust: 1.0

vendor:sapmodel:web dispatcherscope:eqversion:7.81

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:7.85

Trust: 1.0

vendor:sapmodel:web dispatcherscope:eqversion:7.85

Trust: 1.0

vendor:sapmodel:netweaverscope:eqversion:7.77

Trust: 1.0

vendor:sapmodel:web dispatcherscope:eqversion:7.77

Trust: 1.0

sources: NVD: CVE-2022-28773

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-28773
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202204-3154
value: HIGH

Trust: 0.6

VULMON: CVE-2022-28773
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-28773
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2022-28773
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2022-28773 // CNNVD: CNNVD-202204-3154 // NVD: CVE-2022-28773

PROBLEMTYPE DATA

problemtype:CWE-674

Trust: 1.0

sources: NVD: CVE-2022-28773

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3154

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3154

PATCH

title:SAP Web Dispatcher and SAP Internet Communication Manager Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=190238

Trust: 0.6

sources: CNNVD: CNNVD-202204-3154

EXTERNAL IDS

db:NVDid:CVE-2022-28773

Trust: 1.7

db:CNNVDid:CNNVD-202204-3154

Trust: 0.6

db:VULMONid:CVE-2022-28773

Trust: 0.1

sources: VULMON: CVE-2022-28773 // CNNVD: CNNVD-202204-3154 // NVD: CVE-2022-28773

REFERENCES

url:https://launchpad.support.sap.com/#/notes/3111293

Trust: 1.7

url:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-28773/

Trust: 0.6

url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-de-decembre-2021-38045

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-28773 // CNNVD: CNNVD-202204-3154 // NVD: CVE-2022-28773

SOURCES

db:VULMONid:CVE-2022-28773
db:CNNVDid:CNNVD-202204-3154
db:NVDid:CVE-2022-28773

LAST UPDATE DATE

2024-11-23T22:20:31.991000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-28773date:2022-04-20T00:00:00
db:CNNVDid:CNNVD-202204-3154date:2023-07-24T00:00:00
db:NVDid:CVE-2022-28773date:2024-11-21T06:57:54.317

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-28773date:2022-04-12T00:00:00
db:CNNVDid:CNNVD-202204-3154date:2022-04-12T00:00:00
db:NVDid:CVE-2022-28773date:2022-04-12T17:15:10.883