PT-2022-15513 · Sap · Sap Web Dispatcher+1

Published: 2022-02-09 · Updated: 2022-10-25 · CVE-2022-22543

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) versions 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 8.04
Description: The software does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, and other processes are not affected.
Recommendations: For versions 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 8.04, consider implementing additional validation for sap-passport information to prevent Denial-of-Service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2022-22543

Affected Products

Sap Netweaver Application Server Abap
Sap Web Dispatcher