Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22533

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.

Published

2022-02-09T23:15:18.483

Last Modified

2024-11-21T06:46:58.387

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-416
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap netweaver_application_server_java 7.22 Yes
Application sap netweaver_application_server_java 7.49 Yes
Application sap netweaver_application_server_java 7.53 Yes
Application sap netweaver_application_server_java krnl64nuc_7.22 Yes
Application sap netweaver_application_server_java krnl64nuc_7.22ext Yes
Application sap netweaver_application_server_java krnl64nuc_7.49 Yes
Application sap netweaver_application_server_java krnl64uc_7.22 Yes
Application sap netweaver_application_server_java krnl64uc_7.22ext Yes
Application sap netweaver_application_server_java krnl64uc_7.49 Yes
References