CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2022-22532

CVSS 9.8v3.1pub. 2022-02-09upd. 2024-11-21

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sap Netweaver Application Server Java

    APP
    Sap
    7.227.497.53krnl64nuc_7.22krnl64nuc_7.22extkrnl64nuc_7.49krnl64uc_7.22krnl64uc_7.22extkrnl64uc_7.49
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2020-6287CRITICAL10.0⚠ KEVten sam produkt

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authen...

CVE-2010-5326CRITICAL10.0⚠ KEVten sam produkt

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require ...

CVE-2016-2386CRITICAL9.8⚠ KEVten sam produkt

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to ex...

CVE-2024-22127CRITICAL9.1PL βœ“ten sam produkt

SAP NetWeaver AS Java – command injection przez upload pliku w Log Viewer

CVE-2023-40309CRITICAL9.8ten sam produkt

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong aut...

CVE-2022-22532 β€” Sap β€” Netweaver Application Server Java β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl