CVE-2022-22543

CVE-2022-22543

Vendor Sap Se
Product SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)
Weakness CWE-400
Published February 9, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.

Key dates

02Disclosure timeline

February 9, 2022 CVE published
August 3, 2024 Record updated