Critical vulnerability present in SAP Internet Communication Manager

Australian Cyber Security Centre

Background / What has happened?

The ACSC is aware of a vulnerability (CVE-2022-22536) affecting SAP products that use certain versions of SAP Internet Communication Manager (ICM). These products include:

• SAP Web Dispatcher

• SAP Content Server

• SAP NetWeaver and ABAP Platform

Successful exploitation of this vulnerability could allow an unauthenticated malicious actor to impersonate users of a vulnerable SAP system. Exploitation could result in disrupted operations, data theft, fraud, ransomware or denial-of-service against critical systems.

Mitigation / How do I stay secure?

Australian organisations should review their networks for use of vulnerable instances of SAP and apply the vendor's patches as a high priority.
