Vulnerability Details CVE-2022-22533
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2022-22533
-
cpe:2.3:a:sap:netweaver_application_server_java:7.22
-
cpe:2.3:a:sap:netweaver_application_server_java:7.49
-
cpe:2.3:a:sap:netweaver_application_server_java:7.53
-
cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22
-
cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22ext
-
cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.49
-
cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22
-
cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22ext
-
cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.49