Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer
CVE-2022-41201

7.8HIGH

Key Information:

Vendor
SAP
Status
SAP 3d Visual Enterprise Viewer
Vendor
CVE Published:
11 October 2022

Summary

A vulnerability exists in SAP 3D Visual Enterprise Viewer that allows for remote code execution due to improper memory management. When a user opens a specially crafted Right Hemisphere Binary (.rh, rh.x3d) file sourced from untrusted origins, it may cause a stack-based overflow or re-use of a dangling pointer, resulting in potential unauthorized code execution. Users should take caution when handling files from unknown sources to mitigate this risk. For more information, refer to the official SAP documentation.

Affected Version(s)

SAP 3D Visual Enterprise Viewer 9

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
https://launchpad.support.sap.com/#/notes/3245928

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.