PT-2022-15503 · SAP · SAP NetWeaver Application Server Java
Published: 2022-02-09 · Updated: 2022-10-27 · CVE-2022-22533
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Application Server Java versions 7.22 through 7.53
Description
The issue arises from improper error handling: an attacker can submit multiple HTTP server requests that result in errors and consume the memory buffer. This can lead to system shutdown, rendering the system unavailable.
Recommendations
For versions 7.22 through 7.53, update to a version that includes proper error handling to prevent memory buffer consumption.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use After Free
Affected Products
SAP NetWeaver Application Server Java