PT-2022-1739 · SAP · SAP NetWeaver Application Server ABAP (+4 more products)
Published: 2022-02-09 · Updated: 2025-05-05
CVE-2022-22536
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Application Server ABAP versions 7.53 and earlier
SAP NetWeaver Application Server Java versions 7.53 and earlier
ABAP Platform versions 7.53 and earlier
SAP Content Server versions 7.53 and earlier
SAP Web Dispatcher versions 7.53 and earlier
Description
An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing the attacker to execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity, and Availability of the system.
Recommendations
SAP NetWeaver Application Server ABAP versions 7.53 and earlier: Update to a version that includes the security patch for request smuggling and request concatenation.
SAP NetWeaver Application Server Java versions 7.53 and earlier: Update to a version that includes the security patch for request smuggling and request concatenation.
ABAP Platform versions 7.53 and earlier: Update to a version that includes the security patch for request smuggling and request concatenation.
SAP Content Server versions 7.53 and earlier: Update to a version that includes the security patch for request smuggling and request concatenation.
SAP Web Dispatcher versions 7.53 and earlier: Update to a version that includes the security patch for request smuggling and request concatenation.
Exploit
Fix
HTTP Request/Response Smuggling
Affected Products
ABAP Platform
SAP Content Server
SAP NetWeaver Application Server ABAP
SAP NetWeaver Application Server Java
SAP Web Dispatcher