diff --git a/2020/24xxx/CVE-2020-24394.json b/2020/24xxx/CVE-2020-24394.json index c06f86addaa..7bdfd23c3ba 100644 --- a/2020/24xxx/CVE-2020-24394.json +++ b/2020/24xxx/CVE-2020-24394.json @@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200904-0003/", "url": "https://security.netapp.com/advisory/ntap-20200904-0003/" + }, + { + "refsource": "MISC", + "name": "https://www.starwindsoftware.com/security/sw-20210325-0004/", + "url": "https://www.starwindsoftware.com/security/sw-20210325-0004/" } ] } diff --git a/2020/25xxx/CVE-2020-25656.json b/2020/25xxx/CVE-2020-25656.json index 1f94c34f2b7..b726f941d7e 100644 --- a/2020/25xxx/CVE-2020-25656.json +++ b/2020/25xxx/CVE-2020-25656.json @@ -68,6 +68,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html" + }, + { + "refsource": "MISC", + "name": "https://www.starwindsoftware.com/security/sw-20210325-0006/", + "url": "https://www.starwindsoftware.com/security/sw-20210325-0006/" } ] }, diff --git a/2020/25xxx/CVE-2020-25704.json b/2020/25xxx/CVE-2020-25704.json index c239d18b849..2f96bfb3551 100644 --- a/2020/25xxx/CVE-2020-25704.json +++ b/2020/25xxx/CVE-2020-25704.json @@ -68,6 +68,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html" + }, + { + "refsource": "MISC", + "name": "https://www.starwindsoftware.com/security/sw-20220802-0003/", + "url": "https://www.starwindsoftware.com/security/sw-20220802-0003/" } ] }, diff --git a/2022/35xxx/CVE-2022-35226.json b/2022/35xxx/CVE-2022-35226.json index 1b5f7243027..f818a6194bf 100644 --- a/2022/35xxx/CVE-2022-35226.json +++ b/2022/35xxx/CVE-2022-35226.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-35226", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Data Services Management Console", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "4.2" + }, + { + "version_name": "<", + "version_value": "4.3" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3167342", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3167342" } ] } diff --git a/2022/35xxx/CVE-2022-35296.json b/2022/35xxx/CVE-2022-35296.json index 11695c26e8f..a298b0e529c 100644 --- a/2022/35xxx/CVE-2022-35296.json +++ b/2022/35xxx/CVE-2022-35296.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-35296", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform (Version Management System)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "420" + }, + { + "version_name": "<", + "version_value": "430" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3233226", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3233226" } ] } diff --git a/2022/35xxx/CVE-2022-35297.json b/2022/35xxx/CVE-2022-35297.json index c9e33acda73..79d18eec92a 100644 --- a/2022/35xxx/CVE-2022-35297.json +++ b/2022/35xxx/CVE-2022-35297.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-35297", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Enable Now", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "10" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3049899", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3049899" } ] } diff --git a/2022/35xxx/CVE-2022-35299.json b/2022/35xxx/CVE-2022-35299.json index 2320161d38e..6cd38c01f18 100644 --- a/2022/35xxx/CVE-2022-35299.json +++ b/2022/35xxx/CVE-2022-35299.json @@ -4,14 +4,82 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-35299", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP SQL Anywhere", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "17.0" + } + ] + } + }, + { + "product_name": "SAP IQ", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "16.1" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3232021", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3232021" } ] } diff --git a/2022/39xxx/CVE-2022-39013.json b/2022/39xxx/CVE-2022-39013.json index 71dfd5f4e2a..ce5fe09a1e3 100644 --- a/2022/39xxx/CVE-2022-39013.json +++ b/2022/39xxx/CVE-2022-39013.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39013", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform (Program Objects)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "420" + }, + { + "version_name": "<", + "version_value": "430" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3229132", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3229132" } ] } diff --git a/2022/39xxx/CVE-2022-39015.json b/2022/39xxx/CVE-2022-39015.json index 9848d4d5376..bebea7e795e 100644 --- a/2022/39xxx/CVE-2022-39015.json +++ b/2022/39xxx/CVE-2022-39015.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform (AdminTools/Query Builder)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "4.2" + }, + { + "version_name": "<", + "version_value": "4.3" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-668" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3239293", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3239293" } ] } diff --git a/2022/39xxx/CVE-2022-39800.json b/2022/39xxx/CVE-2022-39800.json index 2136ad23eb6..3750cdd43fb 100644 --- a/2022/39xxx/CVE-2022-39800.json +++ b/2022/39xxx/CVE-2022-39800.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform (BI LaunchPad)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "420" + }, + { + "version_name": "<", + "version_value": "430" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3211161", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3211161" } ] } diff --git a/2022/39xxx/CVE-2022-39802.json b/2022/39xxx/CVE-2022-39802.json index 6af8ba1390c..98ccd41323a 100644 --- a/2022/39xxx/CVE-2022-39802.json +++ b/2022/39xxx/CVE-2022-39802.json @@ -4,14 +4,79 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Manufacturing Execution", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "15.1" + }, + { + "version_name": "<", + "version_value": "15.2" + }, + { + "version_name": "<", + "version_value": "15.3" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3242933", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3242933" } ] } diff --git a/2022/39xxx/CVE-2022-39803.json b/2022/39xxx/CVE-2022-39803.json index 39811739676..d51c2fb2625 100644 --- a/2022/39xxx/CVE-2022-39803.json +++ b/2022/39xxx/CVE-2022-39803.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39803", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/39xxx/CVE-2022-39804.json b/2022/39xxx/CVE-2022-39804.json index df4a0762936..ad0ab601e5e 100644 --- a/2022/39xxx/CVE-2022-39804.json +++ b/2022/39xxx/CVE-2022-39804.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39804", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/39xxx/CVE-2022-39805.json b/2022/39xxx/CVE-2022-39805.json index 5f811221f8e..f9aa2e0a25f 100644 --- a/2022/39xxx/CVE-2022-39805.json +++ b/2022/39xxx/CVE-2022-39805.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39805", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/39xxx/CVE-2022-39806.json b/2022/39xxx/CVE-2022-39806.json index 435b397c7a9..80f6b15f581 100644 --- a/2022/39xxx/CVE-2022-39806.json +++ b/2022/39xxx/CVE-2022-39806.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39806", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/39xxx/CVE-2022-39807.json b/2022/39xxx/CVE-2022-39807.json index 922c22dc632..1c8d819ed23 100644 --- a/2022/39xxx/CVE-2022-39807.json +++ b/2022/39xxx/CVE-2022-39807.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39807", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/39xxx/CVE-2022-39808.json b/2022/39xxx/CVE-2022-39808.json index 27de326cc54..2681cfb4947 100644 --- a/2022/39xxx/CVE-2022-39808.json +++ b/2022/39xxx/CVE-2022-39808.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41166.json b/2022/41xxx/CVE-2022-41166.json index e795360b063..8c143c64538 100644 --- a/2022/41xxx/CVE-2022-41166.json +++ b/2022/41xxx/CVE-2022-41166.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41166", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41167.json b/2022/41xxx/CVE-2022-41167.json index ee7b634dd16..9142b9f89c5 100644 --- a/2022/41xxx/CVE-2022-41167.json +++ b/2022/41xxx/CVE-2022-41167.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41167", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41168.json b/2022/41xxx/CVE-2022-41168.json index 73b83fa4c7b..180a90272d8 100644 --- a/2022/41xxx/CVE-2022-41168.json +++ b/2022/41xxx/CVE-2022-41168.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41168", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41169.json b/2022/41xxx/CVE-2022-41169.json index 0683b2c6422..e3b41024c48 100644 --- a/2022/41xxx/CVE-2022-41169.json +++ b/2022/41xxx/CVE-2022-41169.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41169", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41170.json b/2022/41xxx/CVE-2022-41170.json index 6e7e14ef7f5..a25eadda022 100644 --- a/2022/41xxx/CVE-2022-41170.json +++ b/2022/41xxx/CVE-2022-41170.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41170", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41171.json b/2022/41xxx/CVE-2022-41171.json index bbde2e74bb3..1d5cd6dbd1c 100644 --- a/2022/41xxx/CVE-2022-41171.json +++ b/2022/41xxx/CVE-2022-41171.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41172.json b/2022/41xxx/CVE-2022-41172.json index 846ad7b08dc..17c39c022c1 100644 --- a/2022/41xxx/CVE-2022-41172.json +++ b/2022/41xxx/CVE-2022-41172.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41172", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41173.json b/2022/41xxx/CVE-2022-41173.json index 78ee951e52c..8f7363f100a 100644 --- a/2022/41xxx/CVE-2022-41173.json +++ b/2022/41xxx/CVE-2022-41173.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41173", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41174.json b/2022/41xxx/CVE-2022-41174.json index 3b93e634d8a..680956fc797 100644 --- a/2022/41xxx/CVE-2022-41174.json +++ b/2022/41xxx/CVE-2022-41174.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41174", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41175.json b/2022/41xxx/CVE-2022-41175.json index afeab8b30a3..8cfb4758754 100644 --- a/2022/41xxx/CVE-2022-41175.json +++ b/2022/41xxx/CVE-2022-41175.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41175", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41176.json b/2022/41xxx/CVE-2022-41176.json index d6e30865fe7..8e2aea7f4f6 100644 --- a/2022/41xxx/CVE-2022-41176.json +++ b/2022/41xxx/CVE-2022-41176.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41176", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41177.json b/2022/41xxx/CVE-2022-41177.json index dd18de99d76..b551492ab2e 100644 --- a/2022/41xxx/CVE-2022-41177.json +++ b/2022/41xxx/CVE-2022-41177.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41177", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41178.json b/2022/41xxx/CVE-2022-41178.json index 0b3007d8ccb..a23a7307608 100644 --- a/2022/41xxx/CVE-2022-41178.json +++ b/2022/41xxx/CVE-2022-41178.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41178", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41179.json b/2022/41xxx/CVE-2022-41179.json index f0e800cb4dd..e869e04a996 100644 --- a/2022/41xxx/CVE-2022-41179.json +++ b/2022/41xxx/CVE-2022-41179.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41179", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JtTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41180.json b/2022/41xxx/CVE-2022-41180.json index 11e05dbb8ab..a7473656532 100644 --- a/2022/41xxx/CVE-2022-41180.json +++ b/2022/41xxx/CVE-2022-41180.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41180", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41181.json b/2022/41xxx/CVE-2022-41181.json index 098009e5c4d..9c11e8c6bbd 100644 --- a/2022/41xxx/CVE-2022-41181.json +++ b/2022/41xxx/CVE-2022-41181.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41182.json b/2022/41xxx/CVE-2022-41182.json index 574681c2e4a..cf786648258 100644 --- a/2022/41xxx/CVE-2022-41182.json +++ b/2022/41xxx/CVE-2022-41182.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41182", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41183.json b/2022/41xxx/CVE-2022-41183.json index 72c02ef01db..77cc4901fdc 100644 --- a/2022/41xxx/CVE-2022-41183.json +++ b/2022/41xxx/CVE-2022-41183.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41183", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41184.json b/2022/41xxx/CVE-2022-41184.json index d24ad852c39..8a9aec5bc78 100644 --- a/2022/41xxx/CVE-2022-41184.json +++ b/2022/41xxx/CVE-2022-41184.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41184", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41185.json b/2022/41xxx/CVE-2022-41185.json index f8df3adb627..80d8bc5da64 100644 --- a/2022/41xxx/CVE-2022-41185.json +++ b/2022/41xxx/CVE-2022-41185.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41185", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Author", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245929", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245929" } ] } diff --git a/2022/41xxx/CVE-2022-41186.json b/2022/41xxx/CVE-2022-41186.json index 67c878c898a..5ef56b6e2c0 100644 --- a/2022/41xxx/CVE-2022-41186.json +++ b/2022/41xxx/CVE-2022-41186.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41186", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, a Remote Code Execution can be triggered when payload forces a stack-based overflow and or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41187.json b/2022/41xxx/CVE-2022-41187.json index 6891be7fc9f..a28f83f9710 100644 --- a/2022/41xxx/CVE-2022-41187.json +++ b/2022/41xxx/CVE-2022-41187.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41187", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41188.json b/2022/41xxx/CVE-2022-41188.json index ee229b4f880..45177c1c1d1 100644 --- a/2022/41xxx/CVE-2022-41188.json +++ b/2022/41xxx/CVE-2022-41188.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41188", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41189.json b/2022/41xxx/CVE-2022-41189.json index 347544cb194..6722da3c386 100644 --- a/2022/41xxx/CVE-2022-41189.json +++ b/2022/41xxx/CVE-2022-41189.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41189", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41190.json b/2022/41xxx/CVE-2022-41190.json index 5fb82b0a907..8be966439b0 100644 --- a/2022/41xxx/CVE-2022-41190.json +++ b/2022/41xxx/CVE-2022-41190.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41190", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41191.json b/2022/41xxx/CVE-2022-41191.json index 7cbb4db397c..6b1e03cbc6f 100644 --- a/2022/41xxx/CVE-2022-41191.json +++ b/2022/41xxx/CVE-2022-41191.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41191", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41192.json b/2022/41xxx/CVE-2022-41192.json index 6c87349031c..510cbf2cd0e 100644 --- a/2022/41xxx/CVE-2022-41192.json +++ b/2022/41xxx/CVE-2022-41192.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41192", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41193.json b/2022/41xxx/CVE-2022-41193.json index 3d1394d4c0c..69ce0bef14a 100644 --- a/2022/41xxx/CVE-2022-41193.json +++ b/2022/41xxx/CVE-2022-41193.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41193", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41194.json b/2022/41xxx/CVE-2022-41194.json index 2624e8254a1..792c2d1dd61 100644 --- a/2022/41xxx/CVE-2022-41194.json +++ b/2022/41xxx/CVE-2022-41194.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41194", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41196.json b/2022/41xxx/CVE-2022-41196.json index e50ff18391f..a87e7c99a28 100644 --- a/2022/41xxx/CVE-2022-41196.json +++ b/2022/41xxx/CVE-2022-41196.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41196", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41197.json b/2022/41xxx/CVE-2022-41197.json index cf7d5c12845..812aebec9eb 100644 --- a/2022/41xxx/CVE-2022-41197.json +++ b/2022/41xxx/CVE-2022-41197.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41197", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41198.json b/2022/41xxx/CVE-2022-41198.json index 4709a343e46..0b7f8cd5fa4 100644 --- a/2022/41xxx/CVE-2022-41198.json +++ b/2022/41xxx/CVE-2022-41198.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41198", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41199.json b/2022/41xxx/CVE-2022-41199.json index 7ae24851391..852fc6ab030 100644 --- a/2022/41xxx/CVE-2022-41199.json +++ b/2022/41xxx/CVE-2022-41199.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41200.json b/2022/41xxx/CVE-2022-41200.json index d0e11b10c85..a68ec82ba00 100644 --- a/2022/41xxx/CVE-2022-41200.json +++ b/2022/41xxx/CVE-2022-41200.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41201.json b/2022/41xxx/CVE-2022-41201.json index adf965924c6..c92e505d38e 100644 --- a/2022/41xxx/CVE-2022-41201.json +++ b/2022/41xxx/CVE-2022-41201.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41201", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41202.json b/2022/41xxx/CVE-2022-41202.json index 6757efe577f..2f220141639 100644 --- a/2022/41xxx/CVE-2022-41202.json +++ b/2022/41xxx/CVE-2022-41202.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41202", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP 3D Visual Enterprise Viewer", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3245928", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3245928" } ] } diff --git a/2022/41xxx/CVE-2022-41204.json b/2022/41xxx/CVE-2022-41204.json index 91fdb0c2dc2..d3cc15f8536 100644 --- a/2022/41xxx/CVE-2022-41204.json +++ b/2022/41xxx/CVE-2022-41204.json @@ -4,14 +4,87 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Commerce", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1905" + }, + { + "version_name": "<", + "version_value": "2005" + }, + { + "version_name": "<", + "version_value": "2105" + }, + { + "version_name": "<", + "version_value": "2011" + }, + { + "version_name": "<", + "version_value": "2205" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3239152", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3239152" } ] } diff --git a/2022/41xxx/CVE-2022-41206.json b/2022/41xxx/CVE-2022-41206.json index 528e1b1bfdc..09f291baa9a 100644 --- a/2022/41xxx/CVE-2022-41206.json +++ b/2022/41xxx/CVE-2022-41206.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41206", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence platform (Analysis for OLAP)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "420" + }, + { + "version_name": "<", + "version_value": "430" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3229425", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3229425" } ] } diff --git a/2022/41xxx/CVE-2022-41209.json b/2022/41xxx/CVE-2022-41209.json index 825575439f3..8ed3266979f 100644 --- a/2022/41xxx/CVE-2022-41209.json +++ b/2022/41xxx/CVE-2022-41209.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Customer Data Cloud (Gigya)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.4" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-326" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3248970", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3248970" } ] } diff --git a/2022/41xxx/CVE-2022-41210.json b/2022/41xxx/CVE-2022-41210.json index eb33fcd6ff7..70505f2156b 100644 --- a/2022/41xxx/CVE-2022-41210.json +++ b/2022/41xxx/CVE-2022-41210.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41210", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Customer Data Cloud (Gigya)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.4" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "null", + "vectorString": "null", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-338" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "refsource": "MISC", + "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/3248384", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/3248384" } ] }