⚠ Actively exploited
Added to CISA KEV on 2022-08-18. Federal agencies required to patch by 2022-09-08. Required action: Apply updates per vendor instructions.
CVE-2022-22536
Severity
10.0 CRITICAL
EPSS
93.8%
top 0.14%
CISA KEV
Added 2022-08-18
Due 2022-09-08
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Feb 9
KEV added: Aug 18
KEV due: Sep 8
Latest update: Apr 2
Description
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the s…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0
Affected Packages: 6 packages
Vulnerability Details: 3
Exploits & PoCs: 2
Nuclei: SAP Memory Pipes (MPI) Desynchronization
Detection Rules: 2
Vendor Advisories: 1
Threat Intelligence: 1
Unit42: Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More (2022-08-19)