CVE-2022-22536 — SAP Multiple Products HTTP Request Smuggling Vulnerability
2022-08-18 • CISA Known Exploited Vulnerability
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary Web caches.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | SAP |
| Product | Multiple Products |
| CWE | CWE-444 |
| CVE ID | CVE-2022-22536 |
| Date Added | 2022-08-18 |
| Due Date | 2022-09-08 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-09-08