CVE-2022-32241: Input Validation
First published: Tue Jun 14 2022(Updated: )
When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP 3D Visual Enterprise Viewer | <=9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-32241?
CVE-2022-32241 is a vulnerability in SAP 3D Visual Enterprise Viewer that allows an attacker to crash the application by tricking a user into opening a manipulated PDF file.
How does CVE-2022-32241 affect SAP 3D Visual Enterprise Viewer?
When a user opens manipulated PDF files received from untrusted sources, the application crashes and becomes temporarily unavailable until restart.
What is the severity of CVE-2022-32241?
The severity of CVE-2022-32241 is medium with a CVSS score of 5.5.
How can I fix CVE-2022-32241?
To mitigate CVE-2022-32241, SAP recommends updating to a fixed version of SAP 3D Visual Enterprise Viewer.
Where can I find more information about CVE-2022-32241?
You can find more information about CVE-2022-32241 in the SAP note 3206271 and the SAP advisory.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/sap
- canonical/sap 3d visual enterprise viewer
- version/sap 3d visual enterprise viewer/9.0