Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for SAP NetWeaver and ABAP Platform by SAP SE

    CVE-2022-27668 (GCVE-0-2022-27668)

    Vulnerability from nvd – Published: 2022-06-14 16:57 – Updated: 2024-08-03 05:33
    VLAI
    Summary
    Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KERNEL 7.49
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: 7.88
    Affected: KRNL64NUC 7.49
    Affected: KRNL64UC 7.49
    Affected: SAP_ROUTER 7.53
    Affected: 7.22
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:33:00.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3158375"
              },
              {
                "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.49"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "7.88"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.49"
                },
                {
                  "status": "affected",
                  "version": "SAP_ROUTER 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T15:06:17.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3158375"
            },
            {
              "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-27668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.88"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "SAP_ROUTER 7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3158375",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3158375"
                },
                {
                  "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-27668",
        "datePublished": "2022-06-14T16:57:29.000Z",
        "dateReserved": "2022-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:33:00.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29616 (GCVE-0-2022-29616)

    Vulnerability from nvd – Published: 2022-05-11 15:08 – Updated: 2024-08-03 06:26
    VLAI
    Summary
    SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: 7.49
    Affected: KRNL64UC 8.04
    Affected: 7.22
    Affected: 7.53
    Affected: KERNEL 7.22
    Affected: 8.04
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: 7.88
    Create a notification for this product.
    SAP SE SAP Host Agent Affected: 7.22
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:06.653Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3145702"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "7.88"
                }
              ]
            },
            {
              "product": "SAP Host Agent",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-11T15:08:03.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3145702"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-29616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.88"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Host Agent",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3145702",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3145702"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-29616",
        "datePublished": "2022-05-11T15:08:03.000Z",
        "dateReserved": "2022-04-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:06.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22536 (GCVE-0-2022-22536)

    Vulnerability from nvd – Published: 2022-02-09 22:05 – Updated: 2025-10-21 23:15
    Summary
    SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KERNEL 7.22
    Affected: 8.04
    Affected: 7.49
    Affected: 7.53
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: KRNL64UC 8.04
    Affected: 7.22
    Affected: 7.22EXT
    Affected: KRNL64NUC 7.22
    Create a notification for this product.
    SAP SE SAP Web Dispatcher Affected: 7.49
    Affected: 7.53
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.22EXT
    Affected: 7.86
    Affected: 7.87
    Create a notification for this product.
    SAP SE SAP Content Server Affected: 7.53
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3123396"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-22536",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T20:20:36.420396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-08-18",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:47.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-08-18T00:00:00.000Z",
                "value": "CVE-2022-22536 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Content Server",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.53"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-26T03:11:25.429Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3123396"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-22536",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Web Dispatcher",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Content Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-444"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3123396",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3123396"
                },
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-22536",
        "datePublished": "2022-02-09T22:05:24.000Z",
        "dateReserved": "2022-01-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:47.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27668 (GCVE-0-2022-27668)

    Vulnerability from cvelistv5 – Published: 2022-06-14 16:57 – Updated: 2024-08-03 05:33
    VLAI
    Summary
    Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KERNEL 7.49
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: 7.88
    Affected: KRNL64NUC 7.49
    Affected: KRNL64UC 7.49
    Affected: SAP_ROUTER 7.53
    Affected: 7.22
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:33:00.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3158375"
              },
              {
                "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.49"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "7.88"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.49"
                },
                {
                  "status": "affected",
                  "version": "SAP_ROUTER 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T15:06:17.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3158375"
            },
            {
              "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-27668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.88"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "SAP_ROUTER 7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3158375",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3158375"
                },
                {
                  "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-27668",
        "datePublished": "2022-06-14T16:57:29.000Z",
        "dateReserved": "2022-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:33:00.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29616 (GCVE-0-2022-29616)

    Vulnerability from cvelistv5 – Published: 2022-05-11 15:08 – Updated: 2024-08-03 06:26
    VLAI
    Summary
    SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: 7.49
    Affected: KRNL64UC 8.04
    Affected: 7.22
    Affected: 7.53
    Affected: KERNEL 7.22
    Affected: 8.04
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: 7.88
    Create a notification for this product.
    SAP SE SAP Host Agent Affected: 7.22
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:06.653Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3145702"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "7.88"
                }
              ]
            },
            {
              "product": "SAP Host Agent",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-11T15:08:03.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3145702"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-29616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.88"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Host Agent",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3145702",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3145702"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-29616",
        "datePublished": "2022-05-11T15:08:03.000Z",
        "dateReserved": "2022-04-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:06.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22536 (GCVE-0-2022-22536)

    Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2025-10-21 23:15
    Summary
    SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KERNEL 7.22
    Affected: 8.04
    Affected: 7.49
    Affected: 7.53
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: KRNL64UC 8.04
    Affected: 7.22
    Affected: 7.22EXT
    Affected: KRNL64NUC 7.22
    Create a notification for this product.
    SAP SE SAP Web Dispatcher Affected: 7.49
    Affected: 7.53
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.22EXT
    Affected: 7.86
    Affected: 7.87
    Create a notification for this product.
    SAP SE SAP Content Server Affected: 7.53
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3123396"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-22536",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T20:20:36.420396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-08-18",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:47.646Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22536"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-08-18T00:00:00.000Z",
                "value": "CVE-2022-22536 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Content Server",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.53"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-26T03:11:25.429Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3123396"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-22536",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Web Dispatcher",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Content Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim\u0027s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-444"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3123396",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3123396"
                },
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-22536",
        "datePublished": "2022-02-09T22:05:24.000Z",
        "dateReserved": "2022-01-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:47.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }