Background / What has happened?
The ACSC is aware of a vulnerability (CVE-2022-22536) affecting SAP products that use certain versions of SAP Internet Communication Manager (ICM). These products include:
• SAP Web Dispatcher
• SAP Content Server
• SAP NetWeaver and ABAP Platform
Successful exploitation of this vulnerability could allow an unauthenticated malicious actor to impersonate users of a vulnerable SAP system. Exploitation could result in disrupted operations, data theft, fraud, ransomware or denial-of-service against critical systems.
Mitigation / How do I stay secure?
Australian organisations should review their networks for use of vulnerable instances of SAP and apply the vendor’s patches as a high priority.