{"id":1819,"date":"2022-02-11T15:02:50","date_gmt":"2022-02-11T14:02:50","guid":{"rendered":"https:\/\/sast-solutions.com\/blog-en\/?p=1819"},"modified":"2022-02-11T15:02:50","modified_gmt":"2022-02-11T14:02:50","slug":"sap-february-patch-day-highly-critical-vulnerability-in-core-component-threatens-central-sap-products","status":"publish","type":"post","link":"https:\/\/sast-solutions.com\/blog-en\/2022\/02\/11\/sap-february-patch-day-highly-critical-vulnerability-in-core-component-threatens-central-sap-products\/","title":{"rendered":"SAP February patch day: Highly critical vulnerability in core component threatens central SAP products (key word: ICMAD) \u2013 act immediately!"},"content":{"rendered":"

\"SASTA major security vulnerability, which has been assigned a top severity rating, threatens SAP ERP 6.0, S\/4HANA, NetWeaver, and Web Dispatcher, among others. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert warning of potential attacks on SAP products. Patch your SAP systems IMMEDIATELY!<\/p>\n

<\/p>\n

 <\/p>\n

Attackers who exploit vulnerabilities in the ERP software can compromise computers fully. Attacks are possible from both intranet and internet, without requiring verification. All SAP users should act immediately and patch their systems!<\/p>\n

Act immediately to avoid disastrous consequences<\/strong><\/h2>\n

In its alert, the CISA states that attackers could infect systems with ransomware, among other risks. The agency also warns against potential financial fraud and disruption of mission-critical business processes. It is unknown whether attacks have already occurred.<\/p>\n

The critical vulnerability (CVE-2022-22536 CVSS, score 10\/10) involves the SAP Internet Communication Manager (ICM). This core component is used by Content Server, NetWeaver ABAP and JAVA, and Web Dispatcher, among other products.<\/p>\n

Attackers can bypass authentication, manipulating user requests and executing functions in the name of the victim. It can fully compromise systems.<\/p>\n

Sources:<\/p>\n

https:\/\/www.heise.de\/news\/Jetzt-patchen-Kritische-Luecke-in-Kernkomponente-bedroht-SAP-Produkte-6369582.html<\/a><\/p>\n

https:\/\/securityboulevard.com\/2022\/02\/sap-security-patch-day-february-2022-severe-http-smuggling-vulnerabilities-in-sap-netweaver\/<\/a> and security SAP notes.<\/p>\n

The Security Notes 3123396 and 3123427, declared as Security Notes from the patch day on February 8, 2022, provide detailed information as to how to proceed:<\/p>\n

3123396 \u2013 Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher [CVE-2022-22536]<\/strong><\/p>\n

Please assess the workaround applicability for your SAP landscape prior to implementation. SAP note 3137885 describes a workaround.<\/p>\n

Note that this workaround is a temporary fix and is not a permanent solution. SAP strongly recommends using it only if a patch of the affected application systems is not possible on short notice. SAP strongly recommends that you apply the corrections outlined in the security note, which can be done in lieu of the workaround or after the workaround is implemented.<\/p>\n

Install the patch in the systems as soon as possible and remove the workaround once patching is complete!<\/strong><\/p>\n

This correction is delivered with the following archives:<\/p>\n