mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
105 lines
3.1 KiB
JSON
105 lines
3.1 KiB
JSON
{
|
|
"id": "CVE-2022-41201",
|
|
"sourceIdentifier": "cna@sap.com",
|
|
"published": "2022-10-11T21:15:26.203",
|
|
"lastModified": "2023-07-10T21:15:10.300",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.\n\n"
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Debido a una falta de administraci\u00f3n apropiada de la memoria, cuando una v\u00edctima abre un archivo Right Hemisphere Binary manipulado (.rh, rh.x3d) recibido de fuentes no confiables en SAP 3D Visual Enterprise Viewer - versi\u00f3n 9, es posible que sea desencadenada una Ejecuci\u00f3n de C\u00f3digo Remota cuando la carga \u00fatil fuerce un desbordamiento en la regi\u00f3n stack de la memoria o un re\u00faso del puntero colgante que haga referencia a un espacio sobrescrito en la memoria"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "cna@sap.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-119"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-787"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-119"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-787"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:3d_visual_enterprise_viewer:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "9.0",
|
|
"matchCriteriaId": "2E6BE7F9-86AF-4AC1-B567-5430022A6770"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://launchpad.support.sap.com/#/notes/3245928",
|
|
"source": "cna@sap.com",
|
|
"tags": [
|
|
"Permissions Required"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
|
|
"source": "cna@sap.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |