Vulnerability Details CVE-2022-22543
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2022-22543
-
cpe:2.3:a:sap:netweaver_abap:7.22
-
cpe:2.3:a:sap:netweaver_abap:7.22ext
-
cpe:2.3:a:sap:netweaver_abap:7.49
-
cpe:2.3:a:sap:netweaver_abap:7.53
-
cpe:2.3:a:sap:netweaver_abap:7.77
-
cpe:2.3:a:sap:netweaver_abap:7.81
-
cpe:2.3:a:sap:netweaver_abap:7.85
-
cpe:2.3:a:sap:netweaver_abap:7.86
-
cpe:2.3:a:sap:netweaver_abap:7.87
-
cpe:2.3:a:sap:netweaver_abap:8.04
-
cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22
-
cpe:2.3:a:sap:netweaver_abap:krnl64nuc_8.04
-
cpe:2.3:a:sap:netweaver_as_abap:7.22
-
cpe:2.3:a:sap:netweaver_as_abap:7.22ext
-
cpe:2.3:a:sap:netweaver_as_abap:7.49
-
cpe:2.3:a:sap:netweaver_as_abap:7.53
-
cpe:2.3:a:sap:netweaver_as_abap:7.77
-
cpe:2.3:a:sap:netweaver_as_abap:7.81
-
cpe:2.3:a:sap:netweaver_as_abap:7.85
-
cpe:2.3:a:sap:netweaver_as_abap:7.86
-
cpe:2.3:a:sap:netweaver_as_abap:7.87
-
cpe:2.3:a:sap:netweaver_as_abap:8.04
-
cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22
-
cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_8.04