Vulnerability Description
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Content Server | 7.53 |
| Sap | Netweaver Application Server Abap | 7.22 |
| Sap | Web Dispatcher | 7.22ext |
Related Weaknesses (CWE)
References
- https://launchpad.support.sap.com/#/notes/3123396Permissions Required
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlBroken LinkNot ApplicableVendor Advisory
- https://launchpad.support.sap.com/#/notes/3123396Permissions Required
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlBroken LinkNot ApplicableVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-US Government Resource
FAQ
What is CVE-2022-22536?
CVE-2022-22536 is a vulnerability with a CVSS score of 10.0 (CRITICAL). SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenati...
How severe is CVE-2022-22536?
CVE-2022-22536 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-22536?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Content Server, Sap Netweaver Application Server Abap, Sap Web Dispatcher.