On 11.10.2022 a security-relevant correction was released by SAP SE. The manufacturer resolves an issue within SAP 3D Visual Enterprise.
SAP Note 3245928 addresses "[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer" to prevent code injection and denial of service (DoS) with a high risk for exploitation.
A workaround does not exist, according to the SAP Security Advisory team. It is advisable to implement the correction as part of maintenance, the team suggests.
Risk specification
This SAP security note addresses several vulnerabilities identified in SAP 3D Visual Enterprise Viewer. SAP 3D Visual Enterprise Viewer does not properly validate inputs of certain file types. When an unauthenticated user opens manipulated files received from untrusted sources, the application crashes and becomes temporarily unavailable.
SAP 3D Visual Enterprise Viewer now properly validates the input files.
The advisory is valid for:
- VE_VIEWER 9