Memory Management Flaw in SAP 3D Visual Enterprise Viewer
CVE-2022-41192

7.8HIGH

Key Information:

Vendor: SAP
Status: SAP 3d Visual Enterprise Viewer
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-41192?

A memory management flaw exists in SAP 3D Visual Enterprise Viewer, which can be exploited when a user opens a specially crafted Jupiter Tesselation (.jt, JTReader.x3d) file from untrusted sources. This can lead to the application crashing, rendering it temporarily unavailable until it is restarted by the user. To mitigate this risk, users are advised to exercise caution when handling files from unknown origins and to keep their software updated.

Affected Version(s)

SAP 3D Visual Enterprise Viewer 9

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3245928

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 21, 2022