CVE-2022-22533

Description

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.

Affected products

• SAP_SE / SAP NetWeaver Application Server JavaKRNL64NUC 7.22 – KRNL64NUC 7.22
• SAP_SE / SAP NetWeaver Application Server Java7.22EXT – 7.22EXT
• SAP_SE / SAP NetWeaver Application Server Java7.49 – 7.49
• SAP_SE / SAP NetWeaver Application Server JavaKRNL64UC – KRNL64UC
• SAP_SE / SAP NetWeaver Application Server Java7.22 – 7.22
• SAP_SE / SAP NetWeaver Application Server Java7.53 – 7.53
• SAP_SE / SAP NetWeaver Application Server JavaKERNEL 7.22 – KERNEL 7.22

References

• MISChttps://launchpad.support.sap.com/#/notes/3123427
• MISChttps://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html