
SAP NetWeaver AS Desynchronization (ICMAD)

πŸ—“οΈΒ 09 Feb 2022Β 00:00:00Reported byΒ This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.TypeΒ 
nessus
Β nessus
πŸ”—Β www.tenable.comπŸ‘Β 67Β Views

SAP NetWeaver AS Desynchronization vulnerability

Reporter | Title | Published | Views | Family
NVD
CVE-2022-22536
9 Feb 202223:15
–nvd
CISA KEV Catalog
SAP Multiple Products HTTP Request Smuggling Vulnerability
18 Aug 202200:00
–cisa_kev
AttackerKB
CVE-2022-22536
9 Feb 202200:00
–attackerkb
GithubExploit
Exploit for HTTP Request Smuggling in Sap Content Server
2 Apr 202216:12
–githubexploit
GithubExploit
Exploit for HTTP Request Smuggling in Sap Content Server
15 Feb 202209:22
–githubexploit
Nuclei
SAP Memory Pipes (MPI) Desynchronization
25 Feb 202217:59
–nuclei
Check Point Advisories
SAP NetWeaver Application Server Remote Code Execution (CVE-2022-22536)
17 Feb 202200:00
–checkpoint_advisories
Prion
Design/Logic Flaw
9 Feb 202223:15
–prion
Cvelist
CVE-2022-22536
9 Feb 202222:05
–cvelist
CVE
CVE-2022-22536
9 Feb 202223:15
–cve
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration block: when `description` is set, the plugin only declares its
# metadata (identifiers, references, text, scoring, dependencies) and exits
# before any of the check logic below it is reached.
if (description)
{
  script_id(157848);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  # Cross-references for triage. The CISA-KNOWN-EXPLOITED xref marks the CVE as
  # listed in the CISA KEV catalog; the date is presumably the KEV remediation
  # due date rather than the date of listing - confirm against the catalog.
  script_cve_id("CVE-2022-22536");
  script_xref(name:"IAVA", value:"2022-A-0063");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/09/08");
  script_xref(name:"CEA-ID", value:"CEA-2022-0006");

  script_name(english:"SAP NetWeaver AS Desynchronization (ICMAD)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SAP NetWeaver application server is affected by a desynchronization vulnerability.");
  # The last paragraph of the description is the key caveat for consumers of
  # this finding: the result is derived from the self-reported version only,
  # not from probing the request-smuggling behaviour itself.
  script_set_attribute(attribute:"description", value:
"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53
and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation.

An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute 
functions impersonating the victim or poison intermediary Web caches. A successful attack  could result in complete 
compromise of Confidentiality, Integrity and Availability of the system.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://blogs.sap.com/2022/02/08/sap-partners-with-onapsis-to-identify-and-patch-cybersecurity-vulnerabilities/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f0c19cc7");
  script_set_attribute(attribute:"see_also", value:"https://launchpad.support.sap.com/#/notes/3123396");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
  # Scoring: network-reachable, low complexity, no privileges or user
  # interaction, changed scope (S:C) and high impact on C/I/A in the CVSS v3
  # vector. The temporal vectors record high exploit maturity (E:H) with an
  # official fix available.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-22536");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/09");

  # potential_vulnerability pairs with the Settings/ParanoidReport key required
  # below: the finding is flagged as unconfirmed and is only produced when the
  # scan is configured to report such results.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:netweaver_application_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  # Declared as an information-gathering check, consistent with the
  # version-only approach stated in the description text.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Depends on the SAP NetWeaver AS web detection plugin, which is expected to
  # populate the installed_sw key required here.
  script_dependencies("sap_netweaver_as_web_detect.nbin");
  script_require_keys("installed_sw/SAP Netweaver Application Server (AS)", "Settings/ParanoidReport");
  # Web service ports considered for this check.
  script_require_ports("Services/www", 80, 443, 8000, 50000);

  exit(0);
}

include('vcf_extras_sap.inc');

# Fetch the detected SAP NetWeaver AS install. kernel:TRUE is passed both here
# and to the reporting call, so the comparison is presumably made against the
# kernel release rather than the product version - confirm in vcf_extras_sap.inc.
var kernel_info = vcf::sap_netweaver_as::get_app_info(kernel:TRUE);

# Version-only finding: stop with the paranoia audit unless the scan was
# configured with report paranoia of at least 2.
if (report_paranoia < 2)
{
  audit(AUDIT_PARANOID);
}

# No fixed kernel version is encoded; the report points at the vendor advisory.
var advisory_note = 'See vendor advisory';

# Kernel releases treated as affected. The constraints express no patch-level
# bound, so a kernel that already carries the fix on one of these releases
# would still match; verify the installed kernel patch level against
# SAP Note 3123396 before treating a hit as confirmed.
var affected_kernels = [
  {'equal' : '7.22', 'fixed_display' : advisory_note },
  {'equal' : '7.49', 'fixed_display' : advisory_note },
  {'equal' : '7.53', 'fixed_display' : advisory_note },
  {'equal' : '7.77', 'fixed_display' : advisory_note },
  {'equal' : '7.81', 'fixed_display' : advisory_note },
  {'min_version' : '7.85', 'max_version' : '7.87', 'fixed_display' : advisory_note },
  {'equal' : '8.04', 'fixed_display' : advisory_note }
];

# Compare the detected kernel against the list and report at the highest
# severity level when it matches.
vcf::sap_netweaver_as::check_version_and_report(
  app_info:kernel_info,
  constraints:affected_kernels,
  severity:SECURITY_HOLE,
  kernel:TRUE
);
