CVE-2022-22543 Information

Description

SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22 8.04 7.49 7.53 7.77 7.81 7.85 7.86 7.87 KRNL64UC 8.04 7.22 7.22EXT 7.49 7.53 KRNL64NUC 7.22 7.22EXT 7.49 does not sufficiently validate sap-passport information which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately other processes are not affected.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://launchpad.support.sap.com/#/notes/3116223 https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5