CVE-2022-22532 is a vulnerability in SAP Netweaver Application Server Java
Published on February 9, 2022
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session.
Weakness Type
What is a HTTP Request Smuggling Vulnerability?
When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.
CVE-2022-22532 has been classified to as a HTTP Request Smuggling vulnerability or weakness.
Products Associated with CVE-2022-22532
Want to know whenever a new CVE is published for SAP Netweaver Application Server Java? stack.watch will email you.
Affected Versions
SAP SE SAP NetWeaver Application Server Java:- Version KRNL64NUC 7.22 is affected.
- Version 7.22EXT is affected.
- Version 7.49 is affected.
- Version KRNL64UC is affected.
- Version 7.22 is affected.
- Version 7.53 is affected.
- Version KERNEL 7.22 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.