SAP’s Internet Communication Manager (ICM) Vulnerability | Affected Versions & Patches

SAP’s ICM (Internet Communication Manager) is affected by three vulnerabilities: CVE-2022-22536, CVE-2022-22532 and CVE-2022-22533. SAP released security patches for them on Feb 8th, 2022. If you run NetWeaver applications in your organization, patch them immediately, because these vulnerabilities can be used to exploit the NetWeaver application.

CVE-2022-22536: SAP Products affected by the Request smuggling and request concatenation vulnerability

| SAP Product | Versions | Patched |
|---|---|---|
| SAP Web Dispatcher | 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87 | Patched |
| SAP Content Server | 7.53 | Patched |
| SAP NetWeaver | KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04 | Patched |
| ABAP Platform | 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49 | Patched |

CVE-2022-22532: SAP Products affected by HTTP Request Smuggling

| SAP Product | Versions | Patched |
|---|---|---|
| SAP NetWeaver Application Server | KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53 | Patched |

CVE-2022-22533: Improper error handling in SAP NetWeaver application