CVE-2022-29612

{"id": "CVE-2022-29612", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-06-14T17:15:08.230", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3194674", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application."}, {"lang": "es", "value": "SAP NetWeaver, ABAP Platform y SAP Host Agent - versiones KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49 53, 8.04, SAPHOSTAGENT 7.22, permite a un usuario autenticado hacer un uso no debido de una funci\u00f3n de sapcontrol webfunctionality(startservice) en el Kernel que permite a usuarios maliciosos recuperar informaci\u00f3n. Si es explotado con \u00e9xito, un atacante puede obtener informaci\u00f3n t\u00e9cnica como el n\u00famero de sistema o la direcci\u00f3n f\u00edsica, que de otro modo est\u00e1 restringida, causando un impacto limitado en la confidencialidad de la aplicaci\u00f3n"}], "lastModified": "2022-10-06T15:20:09.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E135017-1492-49F5-B3ED-F69D5476FB46"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "816DBDA9-E4F1-476B-95B3-19758627E3A7"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B7DDF4E-F304-45E2-956B-7E6AA9EC03EA"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E640D6CD-A1BA-46C5-B652-0A65F6FF17E4"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F567192-ED9A-47B9-A386-0A83AB64948E"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AECEB43E-5E9C-4638-B7D8-29968AE1F4BB"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86C349D7-8F6C-42F4-9B8B-A7E0008FB3A5"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6606C14A-C9E6-4D4A-8E64-0699CBB15B93"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F8C12AA-5635-4E29-A443-2A43A6BB0439"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD5FA276-9557-4E36-A37F-4B2A09703DA3"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7679B78A-CF53-42FA-8A96-319F13B40A8F"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4673CFDB-C17D-437B-8FE8-F0EA5BA97831"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E415C122-70DF-478E-8493-4CF9E9AD934C"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA5A9939-C663-4B52-97DB-64D80B40FB5F"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA9452E7-8B06-4B3B-870A-2A92103CD9CC"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DCEFFCC-4529-4A75-A146-C28A4CA80DC3"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}