Lucene search

SapCVE-2022-41192

HistoryOct 11, 2022 - 9:15 p.m.

CVE-2022-41192

2022-10-1121:15:22

CWE-119

sap

web.nvd.nist.gov

cve-2022-41192

sap 3d visual enterprise viewer

memory management

file manipulation

crash

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

27.4%

JSON

Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.

Affected configurations

Nvd

Node

sap3d_visual_enterprise_viewerRange<9.0

VendorProductVersionCPE
sap3d_visual_enterprise_viewer*cpe:2.3:a:sap:3d_visual_enterprise_viewer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	3d_visual_enterprise_viewer	*	cpe:2.3:a:sap:3d_visual_enterprise_viewer::::::::

CNA Affected

[
  {
    "vendor": "SAP SE",
    "product": "SAP 3D Visual Enterprise Viewer",
    "versions": [
      {
        "version": "9",
        "status": "affected"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3245928

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Social References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

27.4%

JSON

Related for CVE-2022-41192