CVE-2022-28773
First published: Tue Apr 12 2022(Updated: )
Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver | =7.22ext | |
| SAP NetWeaver | =7.49 | |
| SAP NetWeaver | =7.53 | |
| SAP NetWeaver | =7.77 | |
| SAP NetWeaver | =7.81 | |
| SAP NetWeaver | =7.85 | |
| SAP NetWeaver | =7.86 | |
| SAP NetWeaver | =kernel_7.22 | |
| SAP NetWeaver | =krnl64nuc_7.22 | |
| SAP NetWeaver | =krnl64uc_7.22 | |
| SAP Web Dispatcher | =7.53 | |
| SAP Web Dispatcher | =7.77 | |
| SAP Web Dispatcher | =7.81 | |
| SAP Web Dispatcher | =7.85 | |
| SAP Web Dispatcher | =7.86 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-28773.
What is the severity of CVE-2022-28773?
The severity of CVE-2022-28773 is high with a severity value of 7.5.
Which software versions are affected by CVE-2022-28773?
The following SAP NetWeaver and SAP Web Dispatcher versions are affected: 7.22ext, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, kernel_7.22, krnl64nuc_7.22, krnl64uc_7.22, 7.53, 7.77, 7.81, 7.85, and 7.86.
How can CVE-2022-28773 impact an application?
CVE-2022-28773 can cause the application to crash, leading to denial of service, but it can be automatically restarted.
How can I fix CVE-2022-28773?
To fix CVE-2022-28773, apply the necessary patches provided by SAP and follow their recommended mitigation measures.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/type
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap netweaver
- version/sap netweaver/7.22ext
- version/sap netweaver/7.49
- version/sap netweaver/7.53
- version/sap netweaver/7.77
- version/sap netweaver/7.81
- version/sap netweaver/7.85
- version/sap netweaver/7.86
- version/sap netweaver/kernel_7.22
- version/sap netweaver/krnl64nuc_7.22
- version/sap netweaver/krnl64uc_7.22
- canonical/sap web dispatcher
- version/sap web dispatcher/7.53
- version/sap web dispatcher/7.77
- version/sap web dispatcher/7.81
- version/sap web dispatcher/7.85
- version/sap web dispatcher/7.86