CVE-2022-22533

Published: Feb 9, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.

Affected (9)

Products: Sap: Netweaver Application Server Java

Sap

1 product

Netweaver Application Server Java

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Application Server Java	Version 7.22
Sap Netweaver Application Server Java	Version 7.49
Sap Netweaver Application Server Java	Version 7.53
Sap Netweaver Application Server Java	Version krnl64nuc_7.22
Sap Netweaver Application Server Java	Version krnl64nuc_7.22ext
Sap Netweaver Application Server Java	Version krnl64nuc_7.49
Sap Netweaver Application Server Java	Version krnl64uc_7.22
Sap Netweaver Application Server Java	Version krnl64uc_7.22ext
Sap Netweaver Application Server Java	Version krnl64uc_7.49