CVE-2022-22543

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGH

EPSS

0.6%

top 31.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap (kernel) AND Abap Platform (kernel)SAP Netweaver Abap SAP Netweaver AS Abap

Timeline

PublishedFeb 9

Latest updateFeb 11

Description

SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other pro…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap_(kernel)_and_abap_platform_(kernel)13 versions+12

▶NVDsap/netweaver_abap12 versions+11

▶NVDsap/netweaver_as_abap12 versions+11

🔴Vulnerability Details

GHSA

GHSA-rmj9-w393-hxwf: SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7↗2022-02-11

▶

CVEList

CVE-2022-22543: SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7↗2022-02-09

▶