CVE-2022-22536
SAP Multiple Products HTTP Request Smuggling Vulnerability
CVSS
—
No CVSS
EPSS
97.9%
p100
KEV
YES
Aug 18, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
Product
SAP / Multiple Products
Vulnerability
SAP Multiple Products HTTP Request Smuggling Vulnerability
Added to KEV
Aug 18, 2022
Remediate by
Sep 8, 2022
Known ransomware use
No
Summary description
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary Web caches.
Required action
Apply updates per vendor instructions.
Notes
SAP users must have an account in order to login and access the patch. https://accounts.sap.com/saml2/idp/sso; https://nvd.nist.gov/vuln/detail/CVE-2022-22536
No related CVEs by CWE or product.