CVE-2022-22536

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Feb 9, 2022

Updated: Jun 28, 2024

CWE ID 444

Summary

CVE-2022-22536 is a vulnerability affecting SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher. An unauthenticated attacker can exploit this issue by smuggling or concatenating requests, allowing them to prepend arbitrary data to a victim's request. This manipulation can lead to the execution of unauthorized functions on behalf of the victim, potentially resulting in a complete compromise of the targeted system's Confidentiality, Integrity, and Availability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Sap Netweaver Application Server Abap
SAP Web Dispatcher
SAP Content Server

Affected Vendors

SAP SE

Advisories, Assessments, and Mitigations

Back to Vulnerability Database