CVE-2022-28772
Description
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.139
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in SAP Web Dispatcher 7.53 | Windows |
| Multiple Vulnerabilities are affected in SAP Web Dispatcher 7.77 | Windows |
| Multiple Vulnerabilities are affected in SAP Web Dispatcher 7.81 | Windows |
| Multiple Vulnerabilities are affected in SAP Web Dispatcher 7.85 | Windows |
| Vulnerabilities CVE-2022-22536,CVE-2022-28772,CVE-2022-28773 are affected in SAP Web Dispatcher 7.86 | Windows |
| Vulnerabilities CVE-2018-2470,CVE-2019-0248,CVE-2022-28772,CVE-2022-28773 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) 7.53 | Windows |
| Vulnerabilities CVE-2022-28772,CVE-2022-28773,CVE-2023-27499 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) 7.22ext | Windows |
| Vulnerabilities CVE-2022-28772,CVE-2022-28773 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) 7.49 | Windows |
| Vulnerabilities CVE-2022-28772,CVE-2022-28773 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) 7.77 | Windows |
| Vulnerabilities CVE-2022-28772,CVE-2022-28773 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) 7.81 | Windows |
| Vulnerabilities CVE-2022-28772,CVE-2022-28773 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) 7.85 | Windows |
| Vulnerabilities CVE-2022-28772,CVE-2022-28773 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) 7.86 | Windows |
| Vulnerabilities CVE-2022-28772,CVE-2022-28773,CVE-2024-22124 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) kernel_7.22 | Windows |
| Vulnerabilities CVE-2022-28772,CVE-2022-28773,CVE-2024-22124 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) krnl64nuc_7.22 | Windows |
| Vulnerabilities CVE-2022-28772,CVE-2022-28773 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) krnl64uc_7.22 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234