Crash Vulnerability in SAP 3D Visual Enterprise Viewer Affecting File Handling
CVE-2022-32240

5.5MEDIUM

Key Information:

Vendor

SAP
Status
SAP 3d Visual Enterprise Viewer
Vendor
CVE Published:
14 June 2022

What is CVE-2022-32240?

A vulnerability exists in SAP 3D Visual Enterprise Viewer that allows an attacker to exploit file handling mechanisms. When manipulated Jupiter Tesselation (.jt, JTReader.x3d) files are opened from untrusted sources, the application may crash, resulting in temporary unavailability until it is manually restarted by the user. This poses significant risks, particularly in environments where the application is utilized for viewing critical 3D models.

Affected Version(s)

SAP 3D Visual Enterprise Viewer 9.0

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3206271
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.