HTTP: SAP Internet Communication Manager HTTP Request Smuggling
This signature detects attempts to exploit a known vulnerability against SAP Internet Communication Manager (ICM). A successful attack can lead to security bypass.
Extended Description
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
Affected Products
Sap netweaver_application_server_abap
Short Name
HTTP:CTS:SAP-ICM-REQ-SMUGGLING
Severity
Critical
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2022-22536 Communication HTTP Internet Manager Request SAP Smuggling
Release Date
04/25/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3637
False Positive
Rarely
Vendors
Sap
CVSS Score
10.0