FKIE_CVE-2022-22536

Vulnerability from fkie_nvd - Published: 2022-02-09 23:15 - Updated: 2025-11-03 18:59
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
References
cna@sap.comhttps://launchpad.support.sap.com/#/notes/3123396Permissions Required
cna@sap.comhttps://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlNot Applicable, Vendor Advisory, Broken Link
af854a3a-2127-422b-91ae-364da2661108https://launchpad.support.sap.com/#/notes/3123396Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlNot Applicable, Vendor Advisory, Broken Link
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536US Government Resource
Impacted products
Vendor Product Version
sap content_server 7.53
sap netweaver_application_server_abap 7.22
sap netweaver_application_server_abap 7.49
sap netweaver_application_server_abap 7.53
sap netweaver_application_server_abap 7.77
sap netweaver_application_server_abap 7.81
sap netweaver_application_server_abap 7.85
sap netweaver_application_server_abap 7.86
sap netweaver_application_server_abap 7.87
sap netweaver_application_server_abap 8.04
sap netweaver_application_server_abap krnl64nuc_7.22
sap netweaver_application_server_abap krnl64nuc_7.22ext
sap netweaver_application_server_abap krnl64nuc_7.49
sap netweaver_application_server_abap krnl64uc_7.22
sap netweaver_application_server_abap krnl64uc_7.22ext
sap netweaver_application_server_abap krnl64uc_7.49
sap netweaver_application_server_abap krnl64uc_7.53
sap netweaver_application_server_abap krnl64uc_8.04
sap web_dispatcher 7.22ext
sap web_dispatcher 7.49
sap web_dispatcher 7.53
sap web_dispatcher 7.77
sap web_dispatcher 7.81
sap web_dispatcher 7.85
sap web_dispatcher 7.86
sap web_dispatcher 7.87
To clipboard 

{
  "cisaActionDue": "2022-09-08",
  "cisaExploitAdd": "2022-08-18",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "SAP Multiple Products HTTP Request Smuggling Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "A02FB973-7FA0-4881-B912-27F4CFBDC673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B3C589-DF11-459D-8A3F-1A1FD2265022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBC5614-7C3F-4AD8-8640-0499B8B03C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8CB869-C342-4362-9A4A-298F0B5F4003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E7439E-F4D6-45EA-99FC-C9B34D4D590E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "252DCEF2-8DDF-467F-8869-B69A0A3426F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BC578BE-2308-491E-9D56-6B45AFF0FCFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0E10A3-591A-4FA7-9B98-D54C3D6C63FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "150B6370-F18A-4657-95ED-D969BF7C39CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:8.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "12974FFA-3168-4A80-ACFB-D5E065A89383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D5BECF-C4BA-44C7-9AD7-56865DD9AD60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB7E91DE-A52F-4E57-8397-7670E30C8B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB478A3C-4DD5-4F42-B2F1-9B7CCBA1B995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "23257C18-B75C-471C-9EAF-1E86DEE845FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01290A1-3C1B-4AF7-9284-C164BDEC85A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5F8B53-ECAD-4CD2-8F91-25112569C056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADE160BD-659F-4517-B625-61CFB2FBD456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "88CD861F-08FB-4CE1-923C-79D1480A2259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3F76E6A-2F27-450C-AAB5-E49A64079CAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B4A7850-377C-4463-A5D7-07F516FBD74A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33D9481-3CF6-4AA3-B115-7903AC6DAE25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF2A5B-E5F0-4991-9AA3-7CB3B8C62941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "327A87AD-6635-4511-8505-F4418CD9D49C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "324C32FF-6F89-401F-9ADD-57A68320E06D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.\n\n"
    },
    {
      "lang": "es",
      "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 y SAP Web Dispatcher son vulnerables para el contrabando de peticiones y la concatenaci\u00f3n de peticiones. Un atacante no autenticado puede a\u00f1adir datos arbitrarios a la petici\u00f3n de la v\u00edctima. De este modo, el atacante puede ejecutar funciones suplantando a la v\u00edctima o envenenar las cach\u00e9s web intermediarias. Un ataque con \u00e9xito podr\u00eda resultar en el compromiso completo de la Confidencialidad, Integridad y Disponibilidad del sistema"
    }
  ],
  "id": "CVE-2022-22536",
  "lastModified": "2025-11-03T18:59:56.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-02-09T23:15:18.620",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3123396"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Not Applicable",
        "Vendor Advisory",
        "Broken Link"
      ],
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3123396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Vendor Advisory",
        "Broken Link"
      ],
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "cna@sap.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.