Vulnerability Details : CVE-2022-22536
Public exploit exists!
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
Products affected by CVE-2022-22536
- cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.49:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.49:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.53:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:7.85:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:7.86:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:7.87:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_application_server_abap:8.04:*:*:*:*:*:*:*
- cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*
- cpe:2.3:a:sap:web_dispatcher:7.49:*:*:*:*:*:*:*
- cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*
- cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*
- cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*
- cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*
- cpe:2.3:a:sap:web_dispatcher:7.86:*:*:*:*:*:*:*
- cpe:2.3:a:sap:web_dispatcher:7.87:*:*:*:*:*:*:*
CVE-2022-22536 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
SAP Multiple Products HTTP Request Smuggling Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victi
Notes:
SAP users must have an account in order to login and access the patch. https://accounts.sap.com/saml2/idp/sso; https://nvd.nist.gov/vuln/detail/CVE-2022-22536
Added on: 2022-08-18
Action due date: 2022-09-08
Exploit prediction scoring system (EPSS) score for CVE-2022-22536
EPSS score: 95.75% (probability of exploitation activity in the next 30 days)
Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-22536
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-29 |
10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | NIST | |
CWE ids for CVE-2022-22536
- The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. Assigned by: cna@sap.com (Secondary)
References for CVE-2022-22536
- https://launchpad.support.sap.com/#/notes/3123396 (SAP ONE Support Launchpad: Log On; Permissions Required)
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (SAP Patch Day Blog; Not Applicable; Vendor Advisory)