SAP NetWeaver AS Desynchronization vulnerabilit
Reporter | Title | Published | Views | Family All 20 |
---|---|---|---|---|
NVD | CVE-2022-22536 | 9 Feb 202223:15 | β | nvd |
CISA KEV Catalog | SAP Multiple Products HTTP Request Smuggling Vulnerability | 18 Aug 202200:00 | β | cisa_kev |
AttackerKB | CVE-2022-22536 | 9 Feb 202200:00 | β | attackerkb |
GithubExploit | Exploit for HTTP Request Smuggling in Sap Content Server | 2 Apr 202216:12 | β | githubexploit |
GithubExploit | Exploit for HTTP Request Smuggling in Sap Content Server | 15 Feb 202209:22 | β | githubexploit |
Nuclei | SAP Memory Pipes (MPI) Desynchronization | 25 Feb 202217:59 | β | nuclei |
Check Point Advisories | SAP NetWeaver Application Server Remote Code Execution (CVE-2022-22536) | 17 Feb 202200:00 | β | checkpoint_advisories |
Prion | Design/Logic Flaw | 9 Feb 202223:15 | β | prion |
Cvelist | CVE-2022-22536 | 9 Feb 202222:05 | β | cvelist |
CVE | CVE-2022-22536 | 9 Feb 202223:15 | β | cve |
Source | Link |
---|---|
nessus | www.nessus.org/u |
launchpad | www.launchpad.support.sap.com/ |
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(157848);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id("CVE-2022-22536");
script_xref(name:"IAVA", value:"2022-A-0063");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/09/08");
script_xref(name:"CEA-ID", value:"CEA-2022-0006");
script_name(english:"SAP NetWeaver AS Desynchronization (ICMAD)");
script_set_attribute(attribute:"synopsis", value:
"The remote SAP NetWeaver application server is affected by a desynchronization vulnerability.");
script_set_attribute(attribute:"description", value:
"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53
and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation.
An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute
functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete
compromise of Confidentiality, Integrity and Availability of the system.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://blogs.sap.com/2022/02/08/sap-partners-with-onapsis-to-identify-and-patch-cybersecurity-vulnerabilities/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f0c19cc7");
script_set_attribute(attribute:"see_also", value:"https://launchpad.support.sap.com/#/notes/3123396");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-22536");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/08");
script_set_attribute(attribute:"patch_publication_date", value:"2022/02/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/09");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:netweaver_application_server");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("sap_netweaver_as_web_detect.nbin");
script_require_keys("installed_sw/SAP Netweaver Application Server (AS)", "Settings/ParanoidReport");
script_require_ports("Services/www", 80, 443, 8000, 50000);
exit(0);
}
include('vcf_extras_sap.inc');
var app_info = vcf::sap_netweaver_as::get_app_info(kernel:TRUE);
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
var fix = 'See vendor advisory';
# Kernel constraints
var constraints = [
{'equal' : '7.22', 'fixed_display' : fix },
{'equal' : '7.49', 'fixed_display' : fix },
{'equal' : '7.53', 'fixed_display' : fix },
{'equal' : '7.77', 'fixed_display' : fix },
{'equal' : '7.81', 'fixed_display' : fix },
{'min_version' : '7.85', 'max_version' : '7.87', 'fixed_display' : fix },
{'equal' : '8.04', 'fixed_display' : fix }
];
vcf::sap_netweaver_as::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE,
kernel:TRUE
);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo