Rapid7 Vulnerability & Exploit Database

SAP NetWeaver AS JAVA CVE-2022-22536: Request Smuggling And Request Concatenation

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

SAP NetWeaver AS JAVA CVE-2022-22536: Request Smuggling And Request Concatenation

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

02/08/2022

Created

04/08/2022

Added

04/07/2022

Modified

11/23/2022

Description

SAP NetWeaver AS JAVA, versions - 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 8.04, are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.

Solution(s)

sap-netweaver-as-java-upgrade-latest

References

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SAP NetWeaver AS JAVA CVE-2022-22536: Request Smuggling And Request Concatenation

SAP NetWeaver AS JAVA CVE-2022-22536: Request Smuggling And Request Concatenation

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.