[CVE-2022-22536] – major vulnerability in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher
It’s new (08.02.2022) and very important issue becasue CVSS score is 10 (critical). An unauthenticated attacker can prepend a victim’s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
Read More