CVE-2022-22543

Summary

SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)KERNEL 7.22affected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)8.04affected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)7.49affected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)7.53affected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)7.77affected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)7.81affected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)7.85affected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)7.86affected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)7.87affected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)KRNL64UC 8.04affected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)7.22affected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)7.22EXTaffected
SAP SESAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)KRNL64NUC 7.22affected

Weaknesses

  • CWE-400: CWE-400

ADP Enrichment

CVE Program Container

Additional References

References