[CVE-2022-22536] – major vulnerability in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher
It’s new (08.02.2022) and very important issue becasue CVSS score is 10 (critical). An unauthenticated attacker can prepend a victim’s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
More information You can find here:
[CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web DispatcherAffected products:
- SAP Web Dispatcher, Versions – 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87
- SAP Content Server, Version – 7.53
- SAP NetWeaver and ABAP Platform, Versions – KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49
You can also check notes: 3123396 and 3137885.
Here You find useful tool.