CVE-2022-22543
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
09/02/2022
Last modified:
25/10/2022
Description
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:netweaver_abap:7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:7.22ext:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:7.49:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:7.53:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:7.77:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:7.81:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:7.85:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:7.86:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:7.87:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:8.04:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64nuc_8.04:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap:7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap:7.22ext:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap:7.49:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page