Symptom
You want to know whether your SAP NetWeaver Enterprise Portal system is affected by the Spring Core Remote Code Execution vulnerability exploited in the wild (SpringShell). See documentation: CVE-2022-22965.
- Vulnerability CVE-2022-22965
- How does this impact the SAP NetWeaver Enterprise Portal system?
Environment
Affected Software and Versions / Existing proofs of concept (PoCs) for exploitation work under the following conditions:
- JDK 9 or higher
- Apache Tomcat as the Servlet container
- Packaged as a traditional WAR (in contrast to a Spring Boot executable jar)
- spring-webmvc or spring-webflux dependency
- Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions
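The conditions listed above can be checked against a deployed WAR. The following is an added example, not code from SAP or the Spring project: it reads `WEB-INF/lib` of a WAR archive, finds `spring-webmvc`/`spring-webflux` jars, and compares their versions with the ranges on this page. The function names, the convention of reading the version from the jar file name, and the operator-supplied `java_version` and `servlet_container` strings are assumptions.

```python
import io
import re
import zipfile

# Jar names from the dependency condition; version is read from the file name (assumption).
JAR_RE = re.compile(r"WEB-INF/lib/(spring-web(?:mvc|flux))-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")

def spring_version_affected(v):
    """Ranges as listed on the page: 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older."""
    if (5, 3, 0) <= v <= (5, 3, 17):
        return True
    return v <= (5, 2, 19)

def java_major(version_string):
    """Map a java.version string to its major release: '1.8.0_292' -> 8, '11.0.14' -> 11."""
    parts = re.split(r"[._+-]", version_string)
    major = int(parts[0])
    return int(parts[1]) if major == 1 else major

def assess_war(war, java_version, servlet_container):
    """Return (matches_all_listed_conditions, findings) for one WAR archive.

    The WAR packaging condition is met by the input itself; the JDK and
    servlet container are supplied by the operator as strings.
    """
    findings = []
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():
            m = JAR_RE.search(name)
            if m:
                version = tuple(int(x) for x in m.groups()[1:])
                findings.append((m.group(1), version, spring_version_affected(version)))
    affected_lib = any(hit for _, _, hit in findings)
    matches = (affected_lib and java_major(java_version) >= 9
               and "tomcat" in servlet_container.lower())
    return matches, findings

def build_sample_war(jar_names):
    """Constructed sample: an in-memory WAR holding empty jars with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for jar in jar_names:
            zf.writestr("WEB-INF/lib/" + jar, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    war = build_sample_war(["spring-webmvc-5.3.17.jar", "spring-core-5.3.17.jar"])
    print(assess_war(war, "11.0.14", "Apache Tomcat/9.0.60"))
```

The list describes where existing PoCs work, so a non-match on the JDK or container condition still leaves the affected library in the findings for follow-up.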
Product
SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5
Keywords
CVE-2022-22965, EP, Enterprise Portal, Spring Core Remote Code Execution, SpringShell, KBA, EP-PIN-NAV, Navigation, Problem
About this page
This is a preview of a SAP Knowledge Base Article.