CVE-2022-28773

CWE-674 — Uncontrolled Recursion CWE-400 — Uncontrolled Resource Consumption CWE-7893 documents3 sources

Severity

7.5HIGH

EPSS

1.1%

top 21.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver (internet Communication Manager)SAP SE SAP WEB Dispatcher SAP Netweaver +1 more

Timeline

PublishedApr 12

Latest updateApr 13

Description

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5sap_se/sap_netweaver_(internet_communication_manager)10 versions+9

▶NVDsap/web_dispatcher5 versions+4

▶CVEListV5sap_se/sap_web_dispatcher5 versions+4

▶NVDsap/netweaver10 versions+9

🔴Vulnerability Details

GHSA

GHSA-hq75-pvpq-98xx: Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service↗2022-04-13

▶

CVEList

CVE-2022-28773: Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service↗2022-04-12

▶