CVE-2022-22533 (GCVE-0-2022-22533)

Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2024-08-03 03:14
VLAI?
Summary
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.
Severity ?
No CVSS data available.
CWE
Assigner
sap
References
Impacted products
Vendor Product Version
SAP SE SAP NetWeaver Application Server Java Affected: KRNL64NUC 7.22
Affected: 7.22EXT
Affected: 7.49
Affected: KRNL64UC
Affected: 7.22
Affected: 7.53
Affected: KERNEL 7.22
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:14:55.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3123427"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver Application Server Java",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "KRNL64NUC 7.22"
            },
            {
              "status": "affected",
              "version": "7.22EXT"
            },
            {
              "status": "affected",
              "version": "7.49"
            },
            {
              "status": "affected",
              "version": "KRNL64UC"
            },
            {
              "status": "affected",
              "version": "7.22"
            },
            {
              "status": "affected",
              "version": "7.53"
            },
            {
              "status": "affected",
              "version": "KERNEL 7.22"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-24T15:17:11",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3123427"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2022-22533",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver Application Server Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "KRNL64NUC 7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22EXT"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "KRNL64UC"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.22EXT"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.53"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "KERNEL 7.22"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.49"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.53"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "null",
            "vectorString": "null",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/3123427",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3123427"
            },
            {
              "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
              "refsource": "MISC",
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2022-22533",
    "datePublished": "2022-02-09T22:05:20",
    "dateReserved": "2022-01-04T00:00:00",
    "dateUpdated": "2024-08-03T03:14:55.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_java:7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C50443A-8C3D-46D3-8FF7-A4CFC2C0C184\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_java:7.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA667A93-ADC5-4B46-8CE0-6AC3535B0BC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_java:7.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C31830DA-EA34-46F7-9CE5-4BFEAD7B19D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9374DC36-C1F6-475B-9EED-052A50A73DA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"411B23E4-EE88-43EE-975D-BB2D306846F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15DD63FA-A334-4CA9-AAF1-5F6B0DE78703\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B674D815-7910-46E6-B8D0-4819ED7B56A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E860E042-5EBC-4AEA-9EFB-C1CF99EDEA96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F050C2CF-C104-483A-A6B7-E6E67BFE68CF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.\"}, {\"lang\": \"es\", \"value\": \"Debido a un manejo inapropiado de errores en SAP NetWeaver Application Server Java - versiones KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, un atacante podr\\u00eda enviar m\\u00faltiples peticiones al servidor HTTP que resulten en errores, de tal manera que consuma el buffer de memoria. Esto podr\\u00eda resultar en el cierre del sistema haciendo que el sistema no est\\u00e9 disponible\"}]",
      "id": "CVE-2022-22533",
      "lastModified": "2024-11-21T06:46:58.387",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-02-09T23:15:18.483",
      "references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/3123427\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/3123427\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cna@sap.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-22533\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2022-02-09T23:15:18.483\",\"lastModified\":\"2024-11-21T06:46:58.387\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.\"},{\"lang\":\"es\",\"value\":\"Debido a un manejo inapropiado de errores en SAP NetWeaver Application Server Java - versiones KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, un atacante podr\u00eda enviar m\u00faltiples peticiones al servidor HTTP que resulten en errores, de tal manera que consuma el buffer de memoria. Esto podr\u00eda resultar en el cierre del sistema haciendo que el sistema no est\u00e9 disponible\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C50443A-8C3D-46D3-8FF7-A4CFC2C0C184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA667A93-ADC5-4B46-8CE0-6AC3535B0BC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C31830DA-EA34-46F7-9CE5-4BFEAD7B19D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9374DC36-C1F6-475B-9EED-052A50A73DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"411B23E4-EE88-43EE-975D-BB2D306846F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15DD63FA-A334-4CA9-AAF1-5F6B0DE78703\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B674D815-7910-46E6-B8D0-4819ED7B56A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E860E042-5EBC-4AEA-9EFB-C1CF99EDEA96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F050C2CF-C104-483A-A6B7-E6E67BFE68CF\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/3123427\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3123427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.