CVE-2022-22543

09.02.2022, 23:15

SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sap	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 71%

Vendor	Product	Version
sap	netweaver_abap	7.22
sap	netweaver_abap	7.22ext:ext
sap	netweaver_abap	7.49
sap	netweaver_abap	7.53
sap	netweaver_abap	7.77
sap	netweaver_abap	7.81
sap	netweaver_abap	7.85
sap	netweaver_abap	7.86
sap	netweaver_abap	7.87
sap	netweaver_abap	8.04
sap	netweaver_as_abap	7.22
sap	netweaver_as_abap	7.22ext:ext
sap	netweaver_as_abap	7.49
sap	netweaver_as_abap	7.53
sap	netweaver_as_abap	7.77
sap	netweaver_as_abap	7.81
sap	netweaver_as_abap	7.85
sap	netweaver_as_abap	7.86
sap	netweaver_as_abap	7.87
sap	netweaver_as_abap	8.04

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://launchpad.support.sap.com/#/notes/3116223

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

https://launchpad.support.sap.com/#/notes/3116223

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html