SAP Knowledge Base Article - Preview

3259998 - CVE-2022-42889 - AS Java Core Components' impact for Apache Commons Text vulnerability


You are curious whether your SAP NetWeaver Application Server Java system is affected by CVE-2022-42889 security vulnerability.



    • SAP NetWeaver Appliation Server Java 7.50
    • Apache Commons Text performs 1.5-1.9
    • SAP Java Virtual Machine 8.1


    SAP Java Virtual Machine all versions ; SAP NetWeaver Application Server for Java all versions


    CVSS 3.x Severity and Metrics, CVSS 3.x, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, CWE-94, StringLookup, org.apache.commons.text.lookup.StringLookup , KBA , BC-JAS-COR , Enterprise Runtime, Core J2EE Framework , BC-JVM , SAP Java Virtual Machine , Problem

    About this page

    This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

    Search for additional results

    Visit SAP Support Portal's SAP Notes and KBA Search.