CVE-2022-22532

 

  • Severity Score: 9.8 (*CVSS v3.1)
  • Exploit Likelihood: (*EPSS)
  • Affected Versions: (*CPE)
  • Public Exploits: 0 (*Multiple Sources)
  • Exploited in Wild: - (*KEV)
  • Decision: - (*SSVC)

Descriptions

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and, in turn, to execute functions that impersonate the victim or even steal the victim's logon session.


*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-01-04 CVE Reserved
  • 2022-02-09 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-10-25 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Sap | Netweaver Application Server Java | 7.22 | - | Affected
Sap | Netweaver Application Server Java | 7.49 | - | Affected
Sap | Netweaver Application Server Java | 7.53 | - | Affected
Sap | Netweaver Application Server Java | krnl64nuc_7.22 | - | Affected
Sap | Netweaver Application Server Java | krnl64nuc_7.22ext | - | Affected
Sap | Netweaver Application Server Java | krnl64nuc_7.49 | - | Affected
Sap | Netweaver Application Server Java | krnl64uc_7.22 | - | Affected
Sap | Netweaver Application Server Java | krnl64uc_7.22ext | - | Affected
Sap | Netweaver Application Server Java | krnl64uc_7.49 | - | Affected