CVE-2022-22543

Published: Feb 9, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.

Affected (24)

Products: Sap: Netweaver Abap, Netweaver As Abap

Sap

2 products

Netweaver Abap

Netweaver As Abap

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Abap	Version 7.22
Sap Netweaver Abap	Version 7.22ext
Sap Netweaver Abap	Version 7.49
Sap Netweaver Abap	Version 7.53
Sap Netweaver Abap	Version 7.77
Sap Netweaver Abap	Version 7.81
Sap Netweaver Abap	Version 7.85
Sap Netweaver Abap	Version 7.86
Sap Netweaver Abap	Version 7.87
Sap Netweaver Abap	Version 8.04
Sap Netweaver Abap	Version krnl64nuc_7.22
Sap Netweaver Abap	Version krnl64nuc_8.04
Sap Netweaver As Abap	Version 7.22
Sap Netweaver As Abap	Version 7.22ext
Sap Netweaver As Abap	Version 7.49
Sap Netweaver As Abap	Version 7.53
Sap Netweaver As Abap	Version 7.77
Sap Netweaver As Abap	Version 7.81
Sap Netweaver As Abap	Version 7.85
Sap Netweaver As Abap	Version 7.86
Sap Netweaver As Abap	Version 7.87
Sap Netweaver As Abap	Version 8.04
Sap Netweaver As Abap	Version krnl64nuc_7.22
Sap Netweaver As Abap	Version krnl64nuc_8.04