CVE-2022-22539

When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:3d_visual_enterprise_viewer:9:*:*:*:*:*:*:*

History

26 Oct 2022, 13:57

Type Values Removed Values Added
References (MISC) https://launchpad.support.sap.com/#/notes/3134684 - Permissions Required (MISC) https://launchpad.support.sap.com/#/notes/3134684 - Permissions Required, Vendor Advisory
References (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Not Applicable, Vendor Advisory

24 Aug 2022, 16:15

Type Values Removed Values Added
References
  • {'url': 'https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022', 'name': 'https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}
  • (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html -

16 Feb 2022, 20:06

Type Values Removed Values Added
CPE cpe:2.3:a:sap:3d_visual_enterprise_viewer:9:*:*:*:*:*:*:*
References (MISC) https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022 - (MISC) https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022 - Vendor Advisory
References (MISC) https://launchpad.support.sap.com/#/notes/3134684 - (MISC) https://launchpad.support.sap.com/#/notes/3134684 - Permissions Required
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.5

09 Feb 2022, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-09 23:15

Updated : 2024-02-04 22:29


NVD link : CVE-2022-22539

Mitre link : CVE-2022-22539

CVE.ORG link : CVE-2022-22539


JSON object : View

Products Affected

sap

  • 3d_visual_enterprise_viewer
CWE
CWE-20

Improper Input Validation