CVE-2022-22536
CRITICAL | CISA KEV | 10.0
Description
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
CVE details
CVSS v3.1 score: 10.0
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/9/2022
Last modified: 2/25/2026
Source: kev
Honeypot observations: 0
CISA KEV
Vendor: SAP
Product: Multiple Products
Vulnerability name: SAP Multiple Products HTTP Request Smuggling Vulnerability
Date added to KEV: 2022-08-18
Remediation due date: 2022-09-08
Used in ransomware: Unknown
Affected products
sap:content_server
sap:netweaver_application_server_abap
sap:web_dispatcher
Weaknesses (CWE)
CWE-444
References
https://launchpad.support.sap.com/#/notes/3123396 (cna@sap.com)
https://launchpad.support.sap.com/#/notes/3123396 (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.