TROYANOSYVIRUS

CVE-2022-22536

CRITICAL | CISA KEV | 10.0

Description

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.

CVE Details

CVSS v3.1 score: 10.0
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/9/2022
Last modified: 2/25/2026
Source: kev
Honeypot sightings: 0

CISA KEV

Vendor: SAP
Product: Multiple Products
Vulnerability name: SAP Multiple Products HTTP Request Smuggling Vulnerability
KEV date added: 2022-08-18
Remediation due date: 2022-09-08
Ransomware use: Unknown

Affected products

sap:content_server
sap:netweaver_application_server_abap
sap:web_dispatcher

Weaknesses (CWE)

CWE-444

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.