To exploit this vulnerability, the attacker needs to send an email with a malicious .eps file to the victim. The .eps file should be received by the victim via email and opened in SAP 3D Visual Enterprise Viewer - version 9. The manipulated .eps file can be received via email and opened in any other viewer application such as Microsoft Office Viewer, Google Drive, etc. without any verification of origin. This can lead to arbitrary code execution in SAP 3D Visual Enterprise Viewer - version 9.

The issue has been confirmed on the following SAP systems:

- SAP NetWeaver 7.0
- SAP Fiori 1.3
- SAP Fiori 1.4
- SAP Fiori 1.5
- SAP Cloud
- SAP Cloud with BOSH

Vulnerability discovery and analysis

This vulnerability was discovered and analyzed by Chengwei Gao from Palo Alto Networks Industrial Cyber Security Team.

Timeline

Published on: 10/11/2022 21:15:00 UTC
Last modified on: 10/12/2022 20:18:00 UTC

References