Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-22536

Опубликовано: 09 фев. 2022
Источник: nvd
CVSS3: 10
CVSS3: 9.8
CVSS2: 10
EPSS Критический

Описание

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.86:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.87:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.86:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.87:*:*:*:*:*:*:*

EPSS

Процентиль: 100%
0.93833
Критический

10 Critical

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-444

Связанные уязвимости

github логотип

GHSA-6hc3-539h-6xc6

CVSS3: 10
github
почти 4 года назад

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.

fstec логотип

BDU:2022-01015

CVSS3: 10
fstec
почти 4 года назад

Уязвимость программной интеграционной платформы SAP NetWeaver, сервера содержимого SAP Content Server, веб-диспетчера SAP Web Dispatcher, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю внедрить произвольный код

EPSS

Процентиль: 100%
0.93833
Критический

10 Critical

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-444