CVE-2022-22533

HIGH

SAP NetWeaver Application Server Java - DoS

Title source: llm

Description

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory x_refsource_misc

https://launchpad.support.sap.com/#/notes/3123427

Vendor Advisory x_refsource_misc

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 7.5

EPSS 0.0075

EPSS Percentile 73.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-416

Status published

Products (9)

sap/netweaver_application_server_java 7.22

sap/netweaver_application_server_java 7.49

sap/netweaver_application_server_java 7.53

sap/netweaver_application_server_java krnl64nuc_7.22

sap/netweaver_application_server_java krnl64nuc_7.22ext

sap/netweaver_application_server_java krnl64nuc_7.49

sap/netweaver_application_server_java krnl64uc_7.22

sap/netweaver_application_server_java krnl64uc_7.22ext

sap/netweaver_application_server_java krnl64uc_7.49

Published Feb 09, 2022

Tracked Since Feb 18, 2026