Vulnerability Name: CVE-2022-22543 (CCN-219088) Assigned: 2022-02-08 Published: 2022-02-08 Updated: 2022-10-25 Summary: SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected. CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Type: CWE-400 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2022-22543 sap-cve202222543-dos(219088) SAP Support Note 3116223 https://launchpad.support.sap.com/#/notes/3116223 SAP Security Patch Day - February 2022 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vulnerable Configuration: Configuration 1 :cpe:/a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:7.22:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:7.49:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:7.53:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:7.77:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:7.81:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:7.22:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:7.49:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:7.53:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:7.77:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:7.81:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:7.22ext:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:7.22ext:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:7.85:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:7.86:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:7.87:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:8.04:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:krnl64nuc_8.04:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:7.87:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:7.85:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:7.86:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_abap:8.04:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:krnl64nuc_8.04:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:krnl64nuc_7.49:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:krnl64uc_8.04:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:krnl64uc_7.22:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:krnl64uc_7.22ext:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:krnl64uc_7.49:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:krnl64uc_7.53:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:kernel_7.22:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:kernel_8.04:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:kernel_7.49:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:kernel_7.53:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:kernel_7.77:*:*:*:*:*:*:* OR cpe:/a:sap:netweaver_as_abap:kernel_7.81:*:*:*:*:*:*:* BACK
sap netweaver as abap krnl64nuc_7.22
sap netweaver abap krnl64nuc_7.22
sap netweaver as abap 7.22
sap netweaver as abap 7.49
sap netweaver as abap 7.53
sap netweaver as abap 7.77
sap netweaver as abap 7.81
sap netweaver abap 7.22
sap netweaver abap 7.49
sap netweaver abap 7.53
sap netweaver abap 7.77
sap netweaver abap 7.81
sap netweaver as abap 7.22ext
sap netweaver abap 7.22ext
sap netweaver as abap 7.85
sap netweaver as abap 7.86
sap netweaver as abap 7.87
sap netweaver as abap 8.04
sap netweaver abap krnl64nuc_8.04
sap netweaver abap 7.87
sap netweaver abap 7.85
sap netweaver abap 7.86
sap netweaver abap 8.04
sap netweaver as abap krnl64nuc_8.04
sap netweaver as abap krnl64nuc_7.22
sap netweaver as abap krnl64nuc_7.22ext
sap netweaver as abap krnl64nuc_7.49
sap netweaver as abap krnl64uc_8.04
sap netweaver as abap krnl64uc_7.22
sap netweaver as abap krnl64uc_7.22ext
sap netweaver as abap krnl64uc_7.49
sap netweaver as abap krnl64uc_7.53
sap netweaver as abap kernel_7.22
sap netweaver as abap kernel_8.04
sap netweaver as abap kernel_7.49
sap netweaver as abap kernel_7.53
sap netweaver as abap kernel_7.77
sap netweaver as abap kernel_7.81
Denotes that component is vulnerable