Unrated severityNVD Advisory· Published Jun 14, 2022· Updated Aug 3, 2024
CVE-2022-27668
CVE-2022-27668
Description
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- SAP SE/SAP NetWeaver and ABAP Platformv5Range: KERNEL 7.49
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2022/Sep/17mitremailing-listx_refsource_FULLDISC
- launchpad.support.sap.commitrex_refsource_MISC
- www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.