PT-2022-15502 · SAP · SAP NetWeaver Application Server Java
Published: 2022-02-09 · Updated: 2022-09-30
CVE-2022-22532
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Application Server Java versions 7.22 through 7.53
Description
An unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling, allowing the malicious payload to be executed. This could enable the attacker to impersonate the victim or steal the victim's logon session.
Recommendations
For versions 7.22 through 7.53, update to a version that includes the fix for this issue to prevent improper shared memory buffer handling and potential execution of malicious payloads.
Fix
HTTP Request/Response Smuggling
Weakness Enumeration
Related Identifiers
Affected Products
SAP NetWeaver Application Server Java