CVE-2022-22536

CVE Published	2022-02-09
Related CWE(s)	CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Related Vendor(s)	sap
Related Product(s)	netweaver_application_server_abap, web_dispatcher, content_server
Exploitation Reported (CISA KEV)	2022-08-18
CVSS 3 Base Score	10.0 (CRITICAL)
CVSS 3 Attack Complexity	LOW
CVSS 3 Attack Vector	NETWORK

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

HTTP Request Smuggling (CAPEC-33)

An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages using various HTTP headers, request-line and body parameters as well as message sizes (denoted by the end of message signaled by a given HTTP header) by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to secretly send unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server). See CanPrecede relationships for possible consequences.

HTTP Response Smuggling (CAPEC-273)

An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server). See CanPrecede relationships for possible consequences.

References

CVE-2022-22536

Cyber Threat Graph Context

Associated CAPEC Patterns

HTTP Request Smuggling (CAPEC-33)

HTTP Response Smuggling (CAPEC-273)

References

CVE.org

NIST National Vulnerability Database

CISA Known Exploited Vulnerabilities