SAP released a security update in February for a vulnerability that is currently being exploited in several SAP Products. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in a complete compromise of confidentiality, integrity, and availability of the system.

For a complete description of the vulnerabilities and affected systems go to CVE-2022-22536.

IT Security

Read more about IT Security service offerings.