← Voltar para CVEs
CVE-2022-22536
CRITICALCISA KEV10.0
Descricao
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
Detalhes CVE
Pontuacao CVSS v3.110.0
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/9/2022
Ultima modificacao2/25/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorSAP
ProdutoMultiple Products
Nome da vulnerabilidadeSAP Multiple Products HTTP Request Smuggling Vulnerability
Data inclusao KEV2022-08-18
Prazo de remediacao2022-09-08
Uso em ransomwareUnknown
Produtos afetados
sap:content_serversap:netweaver_application_server_abapsap:web_dispatcher
Fraquezas (CWE)
CWE-444CWE-444
Referencias
https://launchpad.support.sap.com/#/notes/3123396(cna@sap.com)
https://launchpad.support.sap.com/#/notes/3123396(af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.