[CVE-2022-22536] – major vulnerability in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher

This is a new (08.02.2022) and very important issue because its CVSS score is 10 (critical). An unauthenticated attacker can prepend a victim’s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of the confidentiality, integrity and availability of the system.

You can find more information here:

[CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher     

Affected products:

  • SAP Web Dispatcher, Versions – 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87
  • SAP Content Server, Version – 7.53
  • SAP NetWeaver and ABAP Platform, Versions – KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49

You can also check SAP Notes 3123396 and 3137885.

Here you can find a useful tool.
