CVE-2022-22533

Summary

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Application Server JavaKRNL64NUC 7.22affected
SAP SESAP NetWeaver Application Server Java7.22EXTaffected
SAP SESAP NetWeaver Application Server Java7.49affected
SAP SESAP NetWeaver Application Server JavaKRNL64UCaffected
SAP SESAP NetWeaver Application Server Java7.22affected
SAP SESAP NetWeaver Application Server Java7.53affected
SAP SESAP NetWeaver Application Server JavaKERNEL 7.22affected

Weaknesses

  • CWE-416: CWE-416

ADP Enrichment

CVE Program Container

Additional References

References