Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2022-28772

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

  • Published: Apr 12, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-28772
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

Software From Fixed in
sap / netweaver 7.53 7.53.x
sap / web_dispatcher 7.53 7.53.x
sap / web_dispatcher 7.77 7.77.x
sap / web_dispatcher 7.81 7.81.x
sap / web_dispatcher 7.85 7.85.x
sap / web_dispatcher 7.86 7.86.x
sap / netweaver krnl64nuc_7.22 krnl64nuc_7.22.x
sap / netweaver 7.22ext 7.22ext.x
sap / netweaver 7.49 7.49.x
sap / netweaver krnl64uc_7.22 krnl64uc_7.22.x
sap / netweaver kernel_7.22 kernel_7.22.x
sap / netweaver 7.77 7.77.x
sap / netweaver 7.81 7.81.x
sap / netweaver 7.85 7.85.x
sap / netweaver 7.86 7.86.x