Rapid7 Vulnerability & Exploit Database

SAP NetWeaver AS JAVA CVE-2022-22536: Request Smuggling And Request Concatenation

Back to Search

SAP NetWeaver AS JAVA CVE-2022-22536: Request Smuggling And Request Concatenation

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
02/08/2022
Created
04/08/2022
Added
04/07/2022
Modified
04/08/2022

Description

SAP NetWeaver AS JAVA, versions - 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 8.04, are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.

Solution(s)

  • sap-netweaver-as-java-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;