CVE-2022-22536
critical-risk
Published 2022-02-09
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
Do I need to act?
93.8% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 10.0/10
Critical
NETWORK / LOW complexity
Affected Products (20)
Web Dispatcher
Affected Vendors
References (5)
Permissions Required
https://launchpad.support.sap.com/#/notes/3123396
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-...
81 / 100
critical-risk
Severity: 33/34 · Critical
Exploitability: 27/34 · High
Exposure: 21/34 · High