CVE-2022-28773

HIGH

SAP Web Dispatcher/SAP Internet Communication Manager - DoS

Title source: llm

Description

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.

References (2)

[Vendor Advisory] https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

[Permissions Required, Vendor Advisory] https://launchpad.support.sap.com/#/notes/3111293

Scores

CVSS v3 7.5

EPSS 0.0114

EPSS Percentile 78.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-674

Status published

Products (15)

sap/netweaver 7.22ext

sap/netweaver 7.49

sap/netweaver 7.53

sap/netweaver 7.77

sap/netweaver 7.81

sap/netweaver 7.85

sap/netweaver 7.86

sap/netweaver kernel_7.22

sap/netweaver krnl64nuc_7.22

sap/netweaver krnl64uc_7.22

... and 5 more

Published Apr 12, 2022

Tracked Since Feb 18, 2026