SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3123396 | Permissions Required Vendor Advisory |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2022-02-09T22:05:24
Updated: 2023-09-26T03:11:25.429Z
Reserved: 2022-01-04T00:00:00
Link: CVE-2022-22536
JSON object: View
NVD Information
Status : Modified
Published: 2022-02-09T23:15:18.620
Modified: 2023-09-27T15:15:58.430
Link: CVE-2022-22536
JSON object: View
Redhat Information
No data.
CWE