CVE-2022-41181

Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://launchpad.support.sap.com/#/notes/3245929	Permissions Required Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory
https://launchpad.support.sap.com/#/notes/3245929	Permissions Required Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:3d_visual_enterprise_author:9.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:22

Type	Values Removed	Values Added
References	~~() https://launchpad.support.sap.com/#/notes/3245929 - Permissions Required, Vendor Advisory~~	() https://launchpad.support.sap.com/#/notes/3245929 - Permissions Required, Vendor Advisory
References	~~() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory~~	() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory

Information

Published : 2022-10-11 21:15

Updated : 2024-11-21 07:22

NVD link : CVE-2022-41181

Mitre link : CVE-2022-41181

CVE.ORG link : CVE-2022-41181

JSON object : View

Products Affected

sap

3d_visual_enterprise_author

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2022-41181", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-10-11T21:15:19.737", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3245929", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/3245929", "tags": ["Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application."}, {"lang": "es", "value": "Debido a una falta de administraci\u00f3n apropiada de la memoria, cuando una v\u00edctima abre un archivo manipulado Portable Document Format (.pdf, PDFPublishing.dll) recibido de fuentes no confiables en SAP 3D Visual Enterprise Author - versi\u00f3n 9, es posible que la aplicaci\u00f3n sea bloqueada y deje de estar disponible temporalmente para el usuario hasta que sea reiniciada la aplicaci\u00f3n"}], "lastModified": "2024-11-21T07:22:46.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:3d_visual_enterprise_author:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC317D13-5201-49B6-82DC-69D597FB6A84"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}