CVE-2022-22533

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server Java
Vendor: CVE Published:; 9 February 2022

Summary

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.

Affected Version(s)

SAP NetWeaver Application Server Java KRNL64NUC 7.22

SAP NetWeaver Application Server Java 7.22EXT

SAP NetWeaver Application Server Java 7.49

References

https://launchpad.support.sap.com/#/notes/3123427

x_refsource_MISC

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Jan 4, 2022