Memory Management Vulnerability in SAP 3D Visual Enterprise Viewer
CVE-2022-41197

7.8HIGH

Key Information:

Vendor
SAP
Status
SAP 3d Visual Enterprise Viewer
Vendor
CVE Published:
11 October 2022

Summary

A vulnerability exists in SAP 3D Visual Enterprise Viewer due to inadequate memory management. When files with .wrl or vrml.x3d extensions are opened from untrusted sources, the application may unexpectedly crash, leading to temporary unavailability until it is restarted. This issue highlights the risks associated with processing unverified 3D data formats.

Affected Version(s)

SAP 3D Visual Enterprise Viewer 9

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
https://launchpad.support.sap.com/#/notes/3245928

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.