CVE-2022-22532
CRITICALSAP NetWeaver Application Server Java - Memory Corruption
Title source: llmDescription
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3123427
Vendor Advisory x_refsource_misc
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Scores
CVSS v3
9.8
EPSS
0.0233
EPSS Percentile
81.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-444
Status
published
Products (9)
sap/netweaver_application_server_java
7.22
sap/netweaver_application_server_java
7.49
sap/netweaver_application_server_java
7.53
sap/netweaver_application_server_java
krnl64nuc_7.22
sap/netweaver_application_server_java
krnl64nuc_7.22ext
sap/netweaver_application_server_java
krnl64nuc_7.49
sap/netweaver_application_server_java
krnl64uc_7.22
sap/netweaver_application_server_java
krnl64uc_7.22ext
sap/netweaver_application_server_java
krnl64uc_7.49
Published
Feb 09, 2022
Tracked Since
Feb 18, 2026