SAP 3D Visual Enterprise Viewer Vulnerability Due to Memory Management Issues
CVE-2022-41188

7.8HIGH

Key Information:

Vendor
SAP
Status
SAP 3d Visual Enterprise Viewer
Vendor
CVE Published:
11 October 2022

Summary

A vulnerability exists in SAP 3D Visual Enterprise Viewer due to improper memory management. When users open a manipulated Wavefront Object (.obj) file from untrusted sources, it can lead to application crashes, rendering the viewer temporarily unavailable until it is restarted. This issue highlights the risks associated with processing potentially harmful files.

Affected Version(s)

SAP 3D Visual Enterprise Viewer 9

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
https://launchpad.support.sap.com/#/notes/3245928

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.