ID CVE-2022-29612
Summary SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*
    cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 22-06-2022 - 20:49)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
Last major update 22-06-2022 - 20:49
Published 14-06-2022 - 17:15
Last modified 22-06-2022 - 20:49
Back to Top