ID:11276 - Exploit for Inconsistent interpretation of HTTP requests in SAP products - CVE-2022-22536

 

Published: April 4, 2025


Vulnerability identifier: #VU78958
Vulnerability risk: Critical
CVE-ID: CVE-2022-22536
CWE-ID: CWE-444
Exploitation vector: Remote access
Vulnerable software:
SAP NetWeaver AS ABAP
SAP NetWeaver AS JAVA
SAP Content Server
SAP Web Dispatcher WEBDISP

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can prepend arbitrary data to a victim's request and execute functions while impersonating the victim, or poison intermediary web caches.

Successful exploitation of the vulnerability can result in full system compromise.


Remediation

Install updates from the vendor's website.