Critical Vulnerability in SAP Internet Communication Manager (ICM)
10 February 2022
SAP has released security updates to address a critical vulnerability (CVE-2022-22536) affecting SAP applications using SAP Internet Communication Manager (ICM). The vulnerability has a maximum Common Vulnerability Scoring System (CVSS) score of 10 out of 10.
Successful exploitation of the vulnerability could allow an unauthenticated attacker to use malformed packets that trick SAP servers into exposing sensitive data.
The following products are affected by this vulnerability:
- SAP Content Server version 7.53;
- SAP NetWeaver and ABAP Platform versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49; and
- SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87.
Administrators of the affected products are advised to install the latest security updates immediately.
More information is available here:
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022
https://therecord.media/cisa-and-sap-warn-about-major-vulnerability/
https://onapsis.com/icmad-sap-cybersecurity-vulnerabilities