QwikSec

Security Database

CVE

CWE

Training

CVE-2022-27668

Published: Jun 14, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.

Vendor	Product	Versions
SAP SE	SAP NetWeaver and ABAP Platform	affected `KERNEL 7.49` affected `7.77` affected `7.81` affected `7.85` affected `7.86` +6 more versions

Weaknesses (CWE)

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3158375

x_refsource_MISC

20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.