CVE-2022-32237Improper Input Validation in SAP 3D Visual Enterprise Viewer

CWE-20Improper Input Validation3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 65.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP 3D Visual Enterprise ViewerSAP SE SAP 3D Visual Enterprise Viewer
Timeline
PublishedJun 14
Latest updateJun 15

Description

When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-5pw6-cwq7-cw23: When a user opens manipulated Computer Graphics Metafile (2022-06-15
CVEList
CVE-2022-32237: When a user opens manipulated Computer Graphics Metafile (2022-06-14
CVE-2022-32237 — Improper Input Validation in SAP | cvebase