CVE-2022-28773

7.5HIGH

Key Information:

Vendor
SAP
Status
SAP Netweaver (internet Communication Manager)
SAP Web Dispatcher
Vendor
CVE Published:
12 April 2022

Summary

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.

Affected Version(s)

SAP NetWeaver (Internet Communication Manager) KRNL64NUC 7.22

SAP NetWeaver (Internet Communication Manager) 7.22EXT

SAP NetWeaver (Internet Communication Manager) 7.49

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3111293
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.