CVE-2022-22536
Description
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victims request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
Risk Information
Base Score
10.0
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
93.833
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 7.53 | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2022-22536,CVE-2022-35294,CVE-2023-35874 are affected in SAP NetWeaver Application Server ABAP krnl64nuc_7.22 | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2022-22536,CVE-2023-35874 are affected in SAP NetWeaver Application Server ABAP krnl64nuc_7.22ext | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2021-33665,CVE-2022-22536 are affected in SAP NetWeaver Application Server ABAP krnl64nuc_7.49 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP krnl64uc_7.22 | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2022-22536,CVE-2023-35874 are affected in SAP NetWeaver Application Server ABAP krnl64uc_7.22ext | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2021-33665,CVE-2022-22536 are affected in SAP NetWeaver Application Server ABAP krnl64uc_7.49 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP krnl64uc_7.53 | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2021-33684,CVE-2022-22536 are affected in SAP NetWeaver Application Server ABAP krnl64uc_8.04 | Windows |
| Vulnerabilities CVE-2021-33684,CVE-2022-22536,CVE-2023-0014,CVE-2023-27499 are affected in SAP NetWeaver Application Server ABAP 7.22 | Windows |
| Vulnerabilities CVE-2021-33684,CVE-2022-22536,CVE-2022-35294 are affected in SAP NetWeaver Application Server ABAP 7.49 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 7.77 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 7.81 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 7.85 | Windows |
| Vulnerabilities CVE-2022-22536 are affected in SAP NetWeaver Application Server ABAP 7.86 | Windows |
| Vulnerabilities CVE-2022-22536 are affected in SAP NetWeaver Application Server ABAP 7.87 | Windows |
| Vulnerabilities CVE-2022-22536 are affected in SAP NetWeaver Application Server ABAP 8.04 | Windows |
| Vulnerabilities CVE-2021-33683,CVE-2021-38162,CVE-2022-22536,CVE-2023-33987 are affected in SAP Web Dispatcher 7.49 | Windows |
| Multiple Vulnerabilities are affected in SAP Web Dispatcher 7.53 | Windows |
| Multiple Vulnerabilities are affected in SAP Web Dispatcher 7.77 | Windows |
| Multiple Vulnerabilities are affected in SAP Web Dispatcher 7.81 | Windows |
| Multiple Vulnerabilities are affected in SAP Web Dispatcher 7.85 | Windows |
| Vulnerabilities CVE-2022-22536,CVE-2022-28772,CVE-2022-28773 are affected in SAP Web Dispatcher 7.86 | Windows |
| Vulnerabilities CVE-2022-22536 are affected in SAP Web Dispatcher 7.87 | Windows |
| Vulnerabilities CVE-2021-33684,CVE-2022-22536,CVE-2023-27499 are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.22 | Windows |
| Vulnerabilities CVE-2021-33684,CVE-2022-22536,CVE-2022-35294 are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.49 | Windows |
| Vulnerabilities CVE-2021-33684,CVE-2022-22536,CVE-2022-35294,CVE-2023-27499 are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.53 | Windows |
| Vulnerabilities CVE-2021-33684,CVE-2022-22536,CVE-2022-35294,CVE-2023-27499 are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.77 | Windows |
| Vulnerabilities CVE-2021-33684,CVE-2022-22536,CVE-2022-35294,CVE-2023-27499 are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.81 | Windows |
| Vulnerabilities CVE-2021-33684,CVE-2022-22536 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64uc_8.04 | Windows |
| Vulnerabilities CVE-2022-22536,CVE-2022-35294,CVE-2023-27499 are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.85 | Windows |
| Vulnerabilities CVE-2022-22536 are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.86 | Windows |
| Vulnerabilities CVE-2022-22536 are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.87 | Windows |
| Vulnerabilities CVE-2022-22536 are affected in SAP NetWeaver and ABAP platform (ST-PI) 8.04 | Windows |
| Vulnerabilities CVE-2022-22536,CVE-2022-35294,CVE-2023-35874 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64nuc_7.22 | Windows |
| Vulnerabilities CVE-2022-22536,CVE-2023-35874 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64nuc_7.22ext | Windows |
| Vulnerabilities CVE-2022-22536 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64nuc_7.49 | Windows |
| Vulnerabilities CVE-2022-22536,CVE-2022-35294,CVE-2023-27499,CVE-2023-35874 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64uc_7.22 | Windows |
| Vulnerabilities CVE-2022-22536,CVE-2023-35874 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64uc_7.22ext | Windows |
| Vulnerabilities CVE-2022-22536 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64uc_7.49 | Windows |
| Vulnerabilities CVE-2022-22536,CVE-2023-35874,CVE-2024-24740 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64uc_7.53 | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2022-22536,CVE-2022-35294,CVE-2023-35874 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64nuc_7.22 | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2022-22536,CVE-2023-35874 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64nuc_7.22ext | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2022-22536 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64nuc_7.49 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64uc_7.22 | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2022-22536,CVE-2023-35874 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64uc_7.22ext | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2022-22536 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64uc_7.49 | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2022-22536,CVE-2023-35874,CVE-2024-24740 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64uc_7.53 | Windows |
| Vulnerabilities CVE-2021-33663,CVE-2021-33684,CVE-2022-22536 are affected in SAP NetWeaver and ABAP platform (ST-PI) krnl64uc_8.04 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.81 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.85 | Windows |
| Vulnerabilities CVE-2021-33684,CVE-2022-22536,CVE-2023-0014,CVE-2023-27499 are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.22 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.53 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 7.77 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234