CVE-2022-27668 vulnerability in SAP Products
Published on June 14, 2022
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2022-27668 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2022-27668
Want to know whenever a new CVE is published for SAP products? stack.watch will email you.
Affected Versions
SAP SE SAP NetWeaver and ABAP Platform:- Version KERNEL 7.49 is affected.
- Version 7.77 is affected.
- Version 7.81 is affected.
- Version 7.85 is affected.
- Version 7.86 is affected.
- Version 7.87 is affected.
- Version 7.88 is affected.
- Version KRNL64NUC 7.49 is affected.
- Version KRNL64UC 7.49 is affected.
- Version SAP_ROUTER 7.53 is affected.
- Version 7.22 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.