CVE-2022-29612

Severity
4.3 MEDIUM
EPSS
0.1%
top 64.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 14
Latest update: Jun 15

Description

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: sap/host_agent 7.22
NVD: sap/netweaver_abap (17 versions)

🔴 Vulnerability Details

2
GHSA
GHSA-3672-vc3r-5prp: SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7 (2022-06-15)
CVEList
CVE-2022-29612: SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7 (2022-06-14)