Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for SAP Content Server by SAP SE

    CVE-2022-22536 (GCVE-0-2022-22536)

    Vulnerability from nvd – Published: 2022-02-09 22:05 – Updated: 2025-10-21 23:15
    VLAI CISA Shadowserver KEVIntel
    Summary
    SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KERNEL 7.22
    Affected: 8.04
    Affected: 7.49
    Affected: 7.53
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: KRNL64UC 8.04
    Affected: 7.22
    Affected: 7.22EXT
    Affected: KRNL64NUC 7.22
    Create a notification for this product.
    SAP SE SAP Web Dispatcher Affected: 7.49
    Affected: 7.53
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.22EXT
    Affected: 7.86
    Affected: 7.87
    Create a notification for this product.
    SAP SE SAP Content Server Affected: 7.53
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3123396"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-22536",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T20:20:36.420396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-08-18",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:47.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-08-18T00:00:00.000Z",
                "value": "CVE-2022-22536 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Content Server",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.53"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-26T03:11:25.429Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3123396"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-22536",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Web Dispatcher",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Content Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-444"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3123396",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3123396"
                },
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-22536",
        "datePublished": "2022-02-09T22:05:24.000Z",
        "dateReserved": "2022-01-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:47.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22536 (GCVE-0-2022-22536)

    Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2025-10-21 23:15
    VLAI CISA Shadowserver KEVIntel
    Summary
    SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KERNEL 7.22
    Affected: 8.04
    Affected: 7.49
    Affected: 7.53
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: KRNL64UC 8.04
    Affected: 7.22
    Affected: 7.22EXT
    Affected: KRNL64NUC 7.22
    Create a notification for this product.
    SAP SE SAP Web Dispatcher Affected: 7.49
    Affected: 7.53
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.22EXT
    Affected: 7.86
    Affected: 7.87
    Create a notification for this product.
    SAP SE SAP Content Server Affected: 7.53
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3123396"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-22536",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T20:20:36.420396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-08-18",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:47.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-08-18T00:00:00.000Z",
                "value": "CVE-2022-22536 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Content Server",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.53"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-26T03:11:25.429Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3123396"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-22536",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Web Dispatcher",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Content Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-444"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3123396",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3123396"
                },
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-22536",
        "datePublished": "2022-02-09T22:05:24.000Z",
        "dateReserved": "2022-01-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:47.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }