| |
Vulnerability CVE-2022-22533
Published: 2022-02-09 Modified: 2022-02-10
| Description: |
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable. |
Type:
CWE-416 (Use After Free)
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
None |
Partial |
References: |
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022
https://launchpad.support.sap.com/#/notes/3123427
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
