First published: Wed Feb 09 2022
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP NetWeaver ABAP | =7.22 | |
SAP NetWeaver ABAP | =7.22ext | |
SAP NetWeaver ABAP | =7.49 | |
SAP NetWeaver ABAP | =7.53 | |
SAP NetWeaver ABAP | =7.77 | |
SAP NetWeaver ABAP | =7.81 | |
SAP NetWeaver ABAP | =7.85 | |
SAP NetWeaver ABAP | =7.86 | |
SAP NetWeaver ABAP | =7.87 | |
SAP NetWeaver ABAP | =8.04 | |
SAP NetWeaver ABAP | =krnl64nuc_7.22 | |
SAP NetWeaver ABAP | =krnl64nuc_8.04 | |
SAP NetWeaver AS ABAP | =7.22 | |
SAP NetWeaver AS ABAP | =7.22ext | |
SAP NetWeaver AS ABAP | =7.49 | |
SAP NetWeaver AS ABAP | =7.53 | |
SAP NetWeaver AS ABAP | =7.77 | |
SAP NetWeaver AS ABAP | =7.81 | |
SAP NetWeaver AS ABAP | =7.85 | |
SAP NetWeaver AS ABAP | =7.86 | |
SAP NetWeaver AS ABAP | =7.87 | |
SAP NetWeaver AS ABAP | =8.04 | |
SAP NetWeaver AS ABAP | =krnl64nuc_7.22 | |
SAP NetWeaver AS ABAP | =krnl64nuc_8.04 | |
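CVE-2022-22543 is a denial-of-service vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform caused by insufficient validation of sap-passport information. An unauthorized remote user can crash the SAP Web Dispatcher or a Kernel work process.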
CVE-2022-22543 has a severity rating of high.
CVE-2022-22543 affects SAP NetWeaver ABAP versions 7.22, 7.22ext, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, and 8.04.
SAP has released a security note with instructions on how to fix CVE-2022-22543.
More information about CVE-2022-22543 can be found in the SAP Security Note [link] and the SAP document [link].