This content is viewable by Everyone
Vulnerability in SAP Actively Exploited
SAP released a security update in February for a vulnerability that is currently being exploited in several SAP Products. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in a complete compromise of confidentiality, integrity, and availability of the system.
For a complete description of the vulnerabilities and affected systems go to CVE-2022-22536.