7.5
CVE-2022-22533
- EPSS 0.38%
- Veröffentlicht 09.02.2022 23:15:18
- Zuletzt bearbeitet 21.11.2024 06:46:58
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Java Version7.22
SAP ≫ Netweaver Application Server Java Version7.49
SAP ≫ Netweaver Application Server Java Version7.53
SAP ≫ Netweaver Application Server Java Versionkrnl64nuc_7.22
SAP ≫ Netweaver Application Server Java Versionkrnl64nuc_7.22ext
SAP ≫ Netweaver Application Server Java Versionkrnl64nuc_7.49
SAP ≫ Netweaver Application Server Java Versionkrnl64uc_7.22
SAP ≫ Netweaver Application Server Java Versionkrnl64uc_7.22ext
SAP ≫ Netweaver Application Server Java Versionkrnl64uc_7.49
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.588 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.