
Warning: 3 critical vulnerabilities in SAP Netweaver Application Server

Reference: Advisory #2022-003
Version: 1.0
Affected software: SAP Internet Communication Manager (ICM), a component of an SAP NetWeaver Application
Type: Remote Code Execution and Denial-of-Service
CVE/CVSS:

  • CVE-2022-22536 | CVSS 10.0 | Vulnerable to request smuggling and request concatenation
  • CVE-2022-22532 | CVSS 8.1 | Improper shared memory buffer handling
  • CVE-2022-22533 | CVSS 7.5 | Memory leak in memory pipe management that could lead to denial of service

Sources

  • https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022

Risks

  • An unauthenticated remote attacker could exploit CVE-2022-22536, a memory pipes (MPI) desynchronization vulnerability, using a simple HTTP request and achieve full system takeover.
  • An attacker could exploit CVE-2022-22533, a memory leak in the memory pipe management, using specially crafted HTTP(S) requests to consume all MPI resources.
  • CVE-2022-22532, an HTTP request smuggling vulnerability in the ICM component, does not require authentication or user interaction to exploit and could lead to remote code execution.

Description

On February 8, SAP disclosed several vulnerabilities in the Internet Communication Manager (ICM), a critical component of its NetWeaver Application Server. SAP applications manage critical business processes. SAP Netweaver is an application and integration server that acts as the software stack for most of SAP’s applications, including solutions for critical business functions such as enterprise resource planning, customer relationship management and supply chain management.

Onapsis released a threat report on the vulnerabilities it discovered in the SAP ICM; SAP included fixes for these flaws in its most recent patch day. The Cybersecurity and Infrastructure Security Agency (CISA) issued an immediate warning, stating that exploitation of these vulnerabilities could result in theft of sensitive data, fraud, disruption of operations and ransomware.

Recommended Actions

The Centre for Cybersecurity Belgium recommends installing updates for the SAP NetWeaver Server with the highest priority. Updates can be found in the SAP advisory listed under References.

Onapsis also released an open-source tool to identify vulnerable systems within your environment.

References

  • Onapsis Scanner Script: https://github.com/Onapsis/onapsis_icmad_scanner
  • SAP Community Wiki: https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022
  • Tenable: https://www.tenable.com/blog/cve-2022-22536-sap-patches-internet-communication-manager-advanced-desync-icmad
  • The Record: https://therecord.media/cisa-and-sap-warn-about-major-vulnerability/