CVE-2022-22539
Published on: 02/09/2022 12:00:00 AM UTC
Last Modified on: 10/26/2022 01:57:00 PM UTC
Certain versions of 3d Visual Enterprise Viewer from Sap contain the following vulnerability:
When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.
- CVE-2022-22539 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software:
SAP SE - SAP 3D Visual Enterprise Viewer version = 9.0
CVSS3 Score: 6.5 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | NONE | NONE | HIGH |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | NONE | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
SAP Security Patch Day - February 2022 - Product Security Response at SAP - Community Wiki | wiki.scn.sap.com text/html |
![]() |
SAP Patch Day Blog | web.archive.org text/html Inactive LinkNot Archived |
![]() |
No Description Provided | launchpad.support.sap.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Sap | 3d Visual Enterprise Viewer | 9 | All | All | All |
- cpe:2.3:a:sap:3d_visual_enterprise_viewer:9:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2022-22539 : When a user opens a manipulated JPEG file format .jpg, 2d.x3d received from untrusted sources in… twitter.com/i/web/status/1… | 2022-02-09 23:23:42 |