Vulnerability Monitor


CVE-2022-22532


In SAP NetWeaver Application Server Java, versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request that triggers improper shared memory buffer handling. This could allow the malicious payload to be executed, which in turn could execute functions that impersonate the victim or even steal the victim's logon session.


Published

2022-02-09T23:15:18.430

Last Modified

2024-11-21T06:46:58.247

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-444
  • Type: Secondary
    CWE-444

Affected Vendors & Products

| Type        | Vendor | Product                           | Version/Range     | Vulnerable? |
|-------------|--------|-----------------------------------|-------------------|-------------|
| Application | sap    | netweaver_application_server_java | 7.22              | Yes         |
| Application | sap    | netweaver_application_server_java | 7.49              | Yes         |
| Application | sap    | netweaver_application_server_java | 7.53              | Yes         |
| Application | sap    | netweaver_application_server_java | krnl64nuc_7.22    | Yes         |
| Application | sap    | netweaver_application_server_java | krnl64nuc_7.22ext | Yes         |
| Application | sap    | netweaver_application_server_java | krnl64nuc_7.49    | Yes         |
| Application | sap    | netweaver_application_server_java | krnl64uc_7.22     | Yes         |
| Application | sap    | netweaver_application_server_java | krnl64uc_7.22ext  | Yes         |
| Application | sap    | netweaver_application_server_java | krnl64uc_7.49     | Yes         |
