CVE-2022-22532

CRITICAL

SAP NetWeaver Application Server Java - Memory Corruption

Title source: llm
STIX 2.1

Description

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0208
EPSS Percentile 84.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-444
Status published
Products (9)
sap/netweaver_application_server_java 7.22
sap/netweaver_application_server_java 7.49
sap/netweaver_application_server_java 7.53
sap/netweaver_application_server_java krnl64nuc_7.22
sap/netweaver_application_server_java krnl64nuc_7.22ext
sap/netweaver_application_server_java krnl64nuc_7.49
sap/netweaver_application_server_java krnl64uc_7.22
sap/netweaver_application_server_java krnl64uc_7.22ext
sap/netweaver_application_server_java krnl64uc_7.49
Published Feb 09, 2022
Tracked Since Feb 18, 2026