VYPR
Unrated severityNVD Advisory· Published Apr 12, 2022· Updated Aug 3, 2024

CVE-2022-28772

CVE-2022-28772

Description

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

Affected products

4
  • Range: KRNL64NUC 7.22,7.22EXT,7.49; KRNL64UC 7.22,7.22EXT,7.49,7.53; KERNEL 7.22,7.49,7.53,7.77,7.81,7.85,7.86
  • Range: >=7.53,<=7.86
  • SAP SE/SAP NetWeaver (Internet Communication Manager)v5
    Range: KRNL64NUC 7.22
  • SAP SE/SAP Web Dispatcherv5
    Range: 7.53

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.