Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for netweaver_as_abap_krnl64nuc by sap

    CVE-2026-24320 (GCVE-0-2026-24320)

    Vulnerability from nvd – Published: 2026-02-10 03:03 – Updated: 2026-02-10 16:25
    VLAI
    Title
    Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
    Summary
    Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver and ABAP Platform (Application Server ABAP) Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: KRNL64UC 7.22
    Affected: 7.53
    Affected: 8.04
    Affected: KERNEL 7.22
    Affected: 7.54
    Affected: 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: 9.16
    Affected: 9.17
    Affected: 9.18
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24320",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T16:25:22.928517Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T16:25:30.720Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver and ABAP Platform (Application Server ABAP)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "9.16"
                },
                {
                  "status": "affected",
                  "version": "9.17"
                },
                {
                  "status": "affected",
                  "version": "9.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-113",
                  "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T03:03:42.731Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3678313"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-24320",
        "datePublished": "2026-02-10T03:03:42.731Z",
        "dateReserved": "2026-01-21T22:15:36.672Z",
        "dateUpdated": "2026-02-10T16:25:30.720Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0509 (GCVE-0-2026-0509)

    Vulnerability from nvd – Published: 2026-02-10 03:01 – Updated: 2026-02-10 16:27
    VLAI
    Title
    Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
    Summary
    SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP and ABAP Platform Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: KRNL64UC 7.22
    Affected: 7.53
    Affected: KERNEL 7.22
    Affected: 7.54
    Affected: 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: 9.16
    Affected: 9.18
    Affected: 9.19
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T16:26:52.577763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T16:27:08.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP and ABAP Platform",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "9.16"
                },
                {
                  "status": "affected",
                  "version": "9.18"
                },
                {
                  "status": "affected",
                  "version": "9.19"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T03:01:52.913Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3674774"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-0509",
        "datePublished": "2026-02-10T03:01:52.913Z",
        "dateReserved": "2025-12-09T22:06:48.421Z",
        "dateUpdated": "2026-02-10T16:27:08.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-27668 (GCVE-0-2022-27668)

    Vulnerability from nvd – Published: 2022-06-14 16:57 – Updated: 2024-08-03 05:33
    VLAI
    Summary
    Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KERNEL 7.49
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: 7.88
    Affected: KRNL64NUC 7.49
    Affected: KRNL64UC 7.49
    Affected: SAP_ROUTER 7.53
    Affected: 7.22
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:33:00.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3158375"
              },
              {
                "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.49"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "7.88"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.49"
                },
                {
                  "status": "affected",
                  "version": "SAP_ROUTER 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T15:06:17.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3158375"
            },
            {
              "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-27668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.88"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "SAP_ROUTER 7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3158375",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3158375"
                },
                {
                  "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-27668",
        "datePublished": "2022-06-14T16:57:29.000Z",
        "dateReserved": "2022-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:33:00.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29616 (GCVE-0-2022-29616)

    Vulnerability from nvd – Published: 2022-05-11 15:08 – Updated: 2024-08-03 06:26
    VLAI
    Summary
    SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: 7.49
    Affected: KRNL64UC 8.04
    Affected: 7.22
    Affected: 7.53
    Affected: KERNEL 7.22
    Affected: 8.04
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: 7.88
    Create a notification for this product.
    SAP SE SAP Host Agent Affected: 7.22
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:06.653Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3145702"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "7.88"
                }
              ]
            },
            {
              "product": "SAP Host Agent",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-11T15:08:03.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3145702"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-29616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.88"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Host Agent",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3145702",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3145702"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-29616",
        "datePublished": "2022-05-11T15:08:03.000Z",
        "dateReserved": "2022-04-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:06.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-24320 (GCVE-0-2026-24320)

    Vulnerability from cvelistv5 – Published: 2026-02-10 03:03 – Updated: 2026-02-10 16:25
    VLAI
    Title
    Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)
    Summary
    Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver and ABAP Platform (Application Server ABAP) Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: KRNL64UC 7.22
    Affected: 7.53
    Affected: 8.04
    Affected: KERNEL 7.22
    Affected: 7.54
    Affected: 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: 9.16
    Affected: 9.17
    Affected: 9.18
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24320",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T16:25:22.928517Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T16:25:30.720Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver and ABAP Platform (Application Server ABAP)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "9.16"
                },
                {
                  "status": "affected",
                  "version": "9.17"
                },
                {
                  "status": "affected",
                  "version": "9.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-113",
                  "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T03:03:42.731Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3678313"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-24320",
        "datePublished": "2026-02-10T03:03:42.731Z",
        "dateReserved": "2026-01-21T22:15:36.672Z",
        "dateUpdated": "2026-02-10T16:25:30.720Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0509 (GCVE-0-2026-0509)

    Vulnerability from cvelistv5 – Published: 2026-02-10 03:01 – Updated: 2026-02-10 16:27
    VLAI
    Title
    Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
    Summary
    SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP and ABAP Platform Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: KRNL64UC 7.22
    Affected: 7.53
    Affected: KERNEL 7.22
    Affected: 7.54
    Affected: 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: 9.16
    Affected: 9.18
    Affected: 9.19
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T16:26:52.577763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T16:27:08.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP and ABAP Platform",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "9.16"
                },
                {
                  "status": "affected",
                  "version": "9.18"
                },
                {
                  "status": "affected",
                  "version": "9.19"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T03:01:52.913Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3674774"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-0509",
        "datePublished": "2026-02-10T03:01:52.913Z",
        "dateReserved": "2025-12-09T22:06:48.421Z",
        "dateUpdated": "2026-02-10T16:27:08.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-27668 (GCVE-0-2022-27668)

    Vulnerability from cvelistv5 – Published: 2022-06-14 16:57 – Updated: 2024-08-03 05:33
    VLAI
    Summary
    Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KERNEL 7.49
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: 7.88
    Affected: KRNL64NUC 7.49
    Affected: KRNL64UC 7.49
    Affected: SAP_ROUTER 7.53
    Affected: 7.22
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:33:00.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3158375"
              },
              {
                "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.49"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "7.88"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.49"
                },
                {
                  "status": "affected",
                  "version": "SAP_ROUTER 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T15:06:17.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3158375"
            },
            {
              "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-27668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.88"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "SAP_ROUTER 7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3158375",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3158375"
                },
                {
                  "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-27668",
        "datePublished": "2022-06-14T16:57:29.000Z",
        "dateReserved": "2022-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:33:00.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29616 (GCVE-0-2022-29616)

    Vulnerability from cvelistv5 – Published: 2022-05-11 15:08 – Updated: 2024-08-03 06:26
    VLAI
    Summary
    SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: 7.49
    Affected: KRNL64UC 8.04
    Affected: 7.22
    Affected: 7.53
    Affected: KERNEL 7.22
    Affected: 8.04
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: 7.88
    Create a notification for this product.
    SAP SE SAP Host Agent Affected: 7.22
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:06.653Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3145702"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "7.88"
                }
              ]
            },
            {
              "product": "SAP Host Agent",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-11T15:08:03.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3145702"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-29616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.88"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Host Agent",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3145702",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3145702"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-29616",
        "datePublished": "2022-05-11T15:08:03.000Z",
        "dateReserved": "2022-04-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:06.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }