3227298 - CVE-2022-22970 and CVE-2022-22971 vulnerabilities are detected in HANA XSA server

Symptom

1. A security scan is done on HANA server and the report shows warning for CVE-2022-22970 and CVE-2022-22971 vulnerabilities .

https://tanzu.vmware.com/security/cve-2022-22970

https://tanzu.vmware.com/security/cve-2022-22971

2. These vulnerabilities are regarding spring-core library.

Environment

SAP HANA XS, advanced model

Product

SAP HANA, platform edition all versions

Keywords

DoS, Denial of Service, spring, Data Binding, Spring Framework Advisory, host scanned, CVE-2022-22970, CVE-2022-22971 , KBA , HAN-CPT-CPT2-SEC , SAP HANA Cockpit 2 (Security) , HAN-DB-SEC , SAP HANA Security & User Management , BC-XS-SEC , UAA and Security for HANA XSA engine , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.