CVE-2022-22533

{"id": "CVE-2022-22533", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-02-09T23:15:18.483", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3123427", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable."}, {"lang": "es", "value": "Debido a un manejo inapropiado de errores en SAP NetWeaver Application Server Java - versiones KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, un atacante podr\u00eda enviar m\u00faltiples peticiones al servidor HTTP que resulten en errores, de tal manera que consuma el buffer de memoria. Esto podr\u00eda resultar en el cierre del sistema haciendo que el sistema no est\u00e9 disponible"}], "lastModified": "2022-10-27T01:09:21.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C50443A-8C3D-46D3-8FF7-A4CFC2C0C184"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA667A93-ADC5-4B46-8CE0-6AC3535B0BC1"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C31830DA-EA34-46F7-9CE5-4BFEAD7B19D2"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9374DC36-C1F6-475B-9EED-052A50A73DA6"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.22ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "411B23E4-EE88-43EE-975D-BB2D306846F1"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64nuc_7.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15DD63FA-A334-4CA9-AAF1-5F6B0DE78703"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B674D815-7910-46E6-B8D0-4819ED7B56A6"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.22ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E860E042-5EBC-4AEA-9EFB-C1CF99EDEA96"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:krnl64uc_7.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F050C2CF-C104-483A-A6B7-E6E67BFE68CF"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}