logo

CVE-2022-22536 - SAP Multiple Products HTTP Request Smuggling Vulnerability

SAP | Multiple Products

  • Date Added:
  • 2022-08-18
  • Due Date:
  • 2022-09-08
Vulnerability Name

SAP Multiple Products HTTP Request Smuggling Vulnerability

Description

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary Web caches.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes
SAP users must have an account in order to login and access the patch. https://accounts.sap.com/saml2/idp/sso; https://nvd.nist.gov/vuln/detail/CVE-2022-22536

Free online web security scanner