CVE-2022-22533 - Vulnerability Details

Vendors	Products
Sap	Netweaver Application Server Java

Link	Providers
https://launchpad.support.sap.com/#/notes/3123427
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver Application Server Java", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "KRNL64NUC 7.22"}, {"status": "affected", "version": "7.22EXT"}, {"status": "affected", "version": "7.49"}, {"status": "affected", "version": "KRNL64UC"}, {"status": "affected", "version": "7.22"}, {"status": "affected", "version": "7.53"}, {"status": "affected", "version": "KERNEL 7.22"}]}], "descriptions": [{"lang": "en", "value": "Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-24T15:17:11", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/3123427"}, {"tags": ["x_refsource_MISC"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22533", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver Application Server Java", "version": {"version_data": [{"version_affected": "=", "version_value": "KRNL64NUC 7.22"}, {"version_affected": "=", "version_value": "7.22EXT"}, {"version_affected": "=", "version_value": "7.49"}, {"version_affected": "=", "version_value": "KRNL64UC"}, {"version_affected": "=", "version_value": "7.22"}, {"version_affected": "=", "version_value": "7.22EXT"}, {"version_affected": "=", "version_value": "7.49"}, {"version_affected": "=", "version_value": "7.53"}, {"version_affected": "=", "version_value": "KERNEL 7.22"}, {"version_affected": "=", "version_value": "7.49"}, {"version_affected": "=", "version_value": "7.53"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable."}]}, "impact": {"cvss": {"baseScore": "null", "vectorString": "null", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-416"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.support.sap.com/#/notes/3123427", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3123427"}, {"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:14:55.480Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/3123427"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22533", "datePublished": "2022-02-09T22:05:20", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.480Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : SAP NetWeaver Application Server Java (string)

vendor : SAP SE (string)

versions : [ »

0 : { »

status : affected (string)

version : KRNL64NUC 7.22 (string)

}

1 : { »

status : affected (string)

version : 7.22EXT (string)

}

2 : { »

status : affected (string)

version : 7.49 (string)

}

3 : { »

status : affected (string)

version : KRNL64UC (string)

}

4 : { »

status : affected (string)

version : 7.22 (string)

}

5 : { »

status : affected (string)

version : 7.53 (string)

}

6 : { »

status : affected (string)

version : KERNEL 7.22 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-416 (string)

description : CWE-416 (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-08-24T15:17:11 (string)

orgId : e4686d1a-f260-4930-ac4c-2f5c992778dd (string)

shortName : sap (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://launchpad.support.sap.com/#/notes/3123427 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cna@sap.com (string)

ID : CVE-2022-22533 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : SAP NetWeaver Application Server Java (string)

version : { »

version_data : [ »

0 : { »

version_affected : = (string)

version_value : KRNL64NUC 7.22 (string)

}

1 : { »

version_affected : = (string)

version_value : 7.22EXT (string)

}

2 : { »

version_affected : = (string)

version_value : 7.49 (string)

}

3 : { »

version_affected : = (string)

version_value : KRNL64UC (string)

}

4 : { »

version_affected : = (string)

version_value : 7.22 (string)

}

5 : { »

version_affected : = (string)

version_value : 7.22EXT (string)

}

6 : { »

version_affected : = (string)

version_value : 7.49 (string)

}

7 : { »

version_affected : = (string)

version_value : 7.53 (string)

}

8 : { »

version_affected : = (string)

version_value : KERNEL 7.22 (string)

}

9 : { »

version_affected : = (string)

version_value : 7.49 (string)

}

10 : { »

version_affected : = (string)

version_value : 7.53 (string)

}

]

}

]

}

vendor_name : SAP SE (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable. (string)

}

]

}

impact : { »

cvss : { »

baseScore : null (string)

vectorString : null (string)

version : 3.0 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-416 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://launchpad.support.sap.com/#/notes/3123427 (string)

refsource : MISC (string)

url : https://launchpad.support.sap.com/#/notes/3123427 (string)

}

1 : { »

name : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

refsource : MISC (string)

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T03:14:55.480Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://launchpad.support.sap.com/#/notes/3123427 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : e4686d1a-f260-4930-ac4c-2f5c992778dd (string)

assignerShortName : sap (string)

cveId : CVE-2022-22533 (string)

datePublished : 2022-02-09T22:05:20 (string)

dateReserved : 2022-01-04T00:00:00 (string)

dateUpdated : 2024-08-03T03:14:55.480Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "0C50443A-8C3D-46D3-8FF7-A4CFC2C0C184", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "CA667A93-ADC5-4B46-8CE0-6AC3535B0BC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "C31830DA-EA34-46F7-9CE5-4BFEAD7B19D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "9374DC36-C1F6-475B-9EED-052A50A73DA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "411B23E4-EE88-43EE-975D-BB2D306846F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "15DD63FA-A334-4CA9-AAF1-5F6B0DE78703", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "B674D815-7910-46E6-B8D0-4819ED7B56A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "E860E042-5EBC-4AEA-9EFB-C1CF99EDEA96", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "F050C2CF-C104-483A-A6B7-E6E67BFE68CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable."}, {"lang": "es", "value": "Debido a un manejo inapropiado de errores en SAP NetWeaver Application Server Java - versiones KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, un atacante podr\u00eda enviar m\u00faltiples peticiones al servidor HTTP que resulten en errores, de tal manera que consuma el buffer de memoria. Esto podr\u00eda resultar en el cierre del sistema haciendo que el sistema no est\u00e9 disponible"}], "id": "CVE-2022-22533", "lastModified": "2024-11-21T06:46:58.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-09T23:15:18.483", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3123427"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3123427"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "cna@sap.com", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_java:7.22:*:*:*:*:*:*:* (string)

matchCriteriaId : 0C50443A-8C3D-46D3-8FF7-A4CFC2C0C184 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_java:7.49:*:*:*:*:*:*:* (string)

matchCriteriaId : CA667A93-ADC5-4B46-8CE0-6AC3535B0BC1 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_java:7.53:*:*:*:*:*:*:* (string)

matchCriteriaId : C31830DA-EA34-46F7-9CE5-4BFEAD7B19D2 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22:*:*:*:*:*:*:* (string)

matchCriteriaId : 9374DC36-C1F6-475B-9EED-052A50A73DA6 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22ext:*:*:*:*:*:*:* (string)

matchCriteriaId : 411B23E4-EE88-43EE-975D-BB2D306846F1 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.49:*:*:*:*:*:*:* (string)

matchCriteriaId : 15DD63FA-A334-4CA9-AAF1-5F6B0DE78703 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22:*:*:*:*:*:*:* (string)

matchCriteriaId : B674D815-7910-46E6-B8D0-4819ED7B56A6 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22ext:*:*:*:*:*:*:* (string)

matchCriteriaId : E860E042-5EBC-4AEA-9EFB-C1CF99EDEA96 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.49:*:*:*:*:*:*:* (string)

matchCriteriaId : F050C2CF-C104-483A-A6B7-E6E67BFE68CF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable. (string)

}

1 : { »

lang : es (string)

value : Debido a un manejo inapropiado de errores en SAP NetWeaver Application Server Java - versiones KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, un atacante podría enviar múltiples peticiones al servidor HTTP que resulten en errores, de tal manera que consuma el buffer de memoria. Esto podría resultar en el cierre del sistema haciendo que el sistema no esté disponible (string)

}

]

id : CVE-2022-22533 (string)

lastModified : 2024-11-21T06:46:58.387 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-02-09T23:15:18.483 (string)

references : [ »

0 : { »

source : cna@sap.com (string)

tags : [ »

0 : Permissions Required (string)

1 : Vendor Advisory (string)

]

url : https://launchpad.support.sap.com/#/notes/3123427 (string)

}

1 : { »

source : cna@sap.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Permissions Required (string)

1 : Vendor Advisory (string)

]

url : https://launchpad.support.sap.com/#/notes/3123427 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

]

sourceIdentifier : cna@sap.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-416 (string)

}

]

source : cna@sap.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object