SAP's ICM (Internet Communication Manager) is affected by three vulnerabilities: CVE-2022-22536, CVE-2022-22532 and CVE-2022-22533. SAP released security patches for them on Feb 8th, 2022. If you run NetWeaver applications in your organization, patch them immediately, as these vulnerabilities can be used to exploit the NetWeaver application.

CVE-2022-22536: SAP products affected by the request smuggling and request concatenation vulnerability

SAP Product | Versions | Patched |
---|---|---|
SAP Web Dispatcher | 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87 | Patched |
SAP Content Server | 7.53 | Patched |
SAP NetWeaver | KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04 | Patched |
ABAP Platform | 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49 | Patched |

CVE-2022-22532: SAP Products affected by HTTP Request Smuggling

SAP Product | Versions | Patched |
---|---|---|
SAP NetWeaver Application Server | KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53 | Patched |

CVE-2022-22533: Improper error handling in SAP NetWeaver application