This issue can be exploited remotely by tricking user to open malicious cursor file via email or instant message. It is also possible that user might try to open cursor file by mistake. This issue has been documented with SAP Visual Enterprise versions 3.1 and 4.1. The issue has been resolved in version 4.2. Patches as well as recommended steps have been provided in the blog post.

Vulnerability Risk Assessment

SAP Visual Enterprise versions 3.1 and 4.1 are vulnerable to a remote code execution vulnerability by tricking users to open malicious cursor file via email or instant message. It is also possible that user might try to open the cursor file by mistake.
The issue has been resolved in version 4.2.

Visual Enterprise 3.1 to 4.2

This issue is caused by a feature that's not documented in the help system. It is possible to use this feature to create a cursor file that has malicious code.  The malicious code will execute when user double-clicks on the file or opens it from an email or instant message.  There is no patch for this issue, but it can be resolved with the following:  1) Create a blank file and name it "Cursor" and launch Visual Enterprise 4.2 2) Navigate to File -> Open source->Open cursor file 3) Delete all the content in the new cursor file (this will cancel out any malicious code)

Summary of CVE-2022-41183

SAP has released a patch for this remote code execution vulnerability. The company recommends that you update your system to the latest version of Visual Enterprise which includes the fix for CVE-2022-41183.

Vulnerable URL to Exploit http://{hostname}/sap/reports/cursor.html

The product which has been impacted is SAP Visual Enterprise and has been fixed in version 4.2.

Timeline

Published on: 10/11/2022 21:15:00 UTC
Last modified on: 10/12/2022 20:05:00 UTC

References