First published: Tue Jun 14 2022
Depending on the configuration of the route permission table in the file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands from a remote client in SAP NetWeaver and ABAP Platform (versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22), for example stopping the SAProuter, which could have a high impact on system availability.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP NetWeaver AS ABAP | =kernel_7.49 | |
SAP NetWeaver AS ABAP | =kernel_7.77 | |
SAP NetWeaver AS ABAP | =kernel_7.81 | |
SAP NetWeaver AS ABAP | =kernel_7.85 | |
SAP NetWeaver AS ABAP | =kernel_7.86 | |
SAP NetWeaver AS ABAP | =kernel_7.87 | |
SAP NetWeaver AS ABAP | =kernel_7.88 | |
SAP NetWeaver AS ABAP KRNL64NUC | =7.49 | |
SAP NetWeaver AS ABAP KRNL64UC | =7.49 | |
SAP Router | =7.22 | |
SAP Router | =7.53 | |
The vulnerability ID is CVE-2022-27668.
The severity rating of CVE-2022-27668 is critical with a severity score of 9.8.
The affected software versions include KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49.
Depending on the configuration of the route permission table in the 'saprouttab' file, an unauthenticated attacker may be able to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform.
You can find more information about CVE-2022-27668 [here](https://launchpad.support.sap.com/#/notes/3158375).