VDB
CVE-2022-22538
CVE-2022-22538
PUBLISHED
CVSS 6.5 MEDIUM
When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.
EPSS 0.25% · 48.9th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.25%
48.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sap | 3d_visual_enterprise_viewer | 9 |
| SAP SE | SAP 3D Visual Enterprise Viewer | 9.0 |
Exploit Intelligence
- https://launchpad.support.sap.com/#/notes/3134684 (circl)
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (circl)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
…and 108 more exploits
Timeline
- Jun 28, 2021 PoC Published
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 18, 2021 PoC Published
- Feb 9, 2022 CVE Published
- Feb 10, 2022 EPSS Score
- Apr 3, 2022 EPSS Score
- May 26, 2022 EPSS Score
- Jun 7, 2022 PoC Published
- Jul 18, 2022 EPSS Score
- Sep 9, 2022 EPSS Score
- Sep 16, 2022 PoC Published