CVE-2022-29612

Description

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.

Related CPE's

asapnetweaver_abapkrnl64nuc_7.22*******

asapnetweaver_abapkrnl64nuc_7.22ext*******

asapnetweaver_abapkrnl64uc_8.04*******

asapnetweaver_abapkernel_7.22*******

asapnetweaver_abapkernel_7.49*******

asapnetweaver_abapkernel_8.04*******

asapnetweaver_abapkrnl64uc_7.22*******

asapnetweaver_abapkrnl64uc_7.22ext*******

asapnetweaver_abapkrnl64uc_7.49*******

asaphost_agent7.22*******

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3194674

Permissions RequiredVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

4

VectorString

AV:N/AC:L/Au:S/C:P/I:N/A:N

Version

2.0

AccessVector

NETWORK

Authentication

SINGLE

Created by Yello
About Severity.io