CVE-2022-28772
First published: Tue Apr 12 2022(Updated: )
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver | =7.22ext | |
| SAP NetWeaver | =7.49 | |
| SAP NetWeaver | =7.53 | |
| SAP NetWeaver | =7.77 | |
| SAP NetWeaver | =7.81 | |
| SAP NetWeaver | =7.85 | |
| SAP NetWeaver | =7.86 | |
| SAP NetWeaver | =kernel_7.22 | |
| SAP NetWeaver | =krnl64nuc_7.22 | |
| SAP NetWeaver | =krnl64uc_7.22 | |
| SAP Web Dispatcher | =7.53 | |
| SAP Web Dispatcher | =7.77 | |
| SAP Web Dispatcher | =7.81 | |
| SAP Web Dispatcher | =7.85 | |
| SAP Web Dispatcher | =7.86 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-28772?
The severity of CVE-2022-28772 is high with a CVSS score of 7.5.
What is the affected software by CVE-2022-28772?
The affected software by CVE-2022-28772 is SAP NetWeaver versions 7.22ext, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, and SAP Web Dispatcher versions 7.53, 7.77, 7.81, 7.85, 7.86.
How does CVE-2022-28772 impact SAP Web Dispatcher and Internet Communication Manager?
CVE-2022-28772 allows an attacker to force overwrite of the internal program stack in SAP Web Dispatcher versions 7.53, 7.77, 7.81, 7.85, 7.86, and Internet Communication Manager versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81.
How can I fix CVE-2022-28772?
To fix CVE-2022-28772, SAP has provided patches and updates. It is recommended to apply the latest available patches from SAP.
Where can I find more information about CVE-2022-28772?
More information about CVE-2022-28772 can be found in the SAP support note 3111311 and the SAP security advisory.
- collector/nvd-index
- vendor/sap
- canonical/sap netweaver
- version/sap netweaver/7.22ext
- version/sap netweaver/7.49
- version/sap netweaver/7.53
- version/sap netweaver/7.77
- version/sap netweaver/7.81
- version/sap netweaver/7.85
- version/sap netweaver/7.86
- version/sap netweaver/kernel_7.22
- version/sap netweaver/krnl64nuc_7.22
- version/sap netweaver/krnl64uc_7.22
- canonical/sap web dispatcher
- version/sap web dispatcher/7.53
- version/sap web dispatcher/7.77
- version/sap web dispatcher/7.81
- version/sap web dispatcher/7.85
- version/sap web dispatcher/7.86