Quick Patching Needed to Resolve Critical SAP Vulnerabilities

The German business software company SAP has released patches for a number of critical vulnerabilities affecting SAP applications that use the SAP Internet Communication Manager (ICM). The vulnerabilities were discovered by Onapsis Research Labs, which named them ICMAD (Internet Communication Manager Advanced Desync). All three can be exploited to obtain remote code execution, allowing remote attackers to fully compromise vulnerable SAP applications.

The vulnerabilities affect the following SAP products:

SAP NetWeaver AS ABAP
SAP Content Server 7.53
SAP Web Dispatcher
SAP NetWeaver AS Java
ABAP Platform

The vulnerabilities can be exploited to hijack victim sessions and read information in plaintext, alter application behavior, obtain PHI and sensitive business data, and cause denial of service. CVE-2022-22536 is the most critical of the three and was assigned the maximum CVSS severity score of 10/10. Onapsis noted that an unauthenticated attacker can trivially exploit the vulnerability on SAP applications running with default settings by sending a single request over the typically exposed HTTP(S) service.

When business software is reachable over HTTP(S), the most common deployment places an HTTP(S) proxy between clients and the backend SAP system, and it is exactly this configuration that makes the vulnerability exploitable. The second vulnerability, tracked as CVE-2022-22532 (CVSS 8.1), can also be exploited in this setting, and possibly without a proxy. The third, tracked as CVE-2022-22533 (no CVSS score at this time), may likewise lead to remote code execution.

The vulnerabilities were found while investigating HTTP request smuggling techniques, and the researchers confirmed they can be triggered with requests that closely resemble legitimate HTTP traffic. As a result, these attacks will be difficult for security teams to detect. At the same time, the vulnerabilities are straightforward to exploit.
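The practical defence the paragraph above points at is the one a reverse proxy in front of ICM can enforce itself: refuse any request whose body framing is ambiguous, since desync attacks depend on the proxy and the backend disagreeing about where a request ends. The check below is an added example, not code from the article, SAP or Onapsis; it assumes the ICMAD issues are request-desync bugs of the kind the smuggling research describes, and it applies the generic RFC 7230 rule for intermediaries rather than any SAP-specific detail.

```python
"""Proxy-side framing check for HTTP/1.1 requests (added example).

Illustrative code, not the article's, SAP's or Onapsis' own. It assumes the
ICMAD bugs are request-desync issues of the kind the article ties to HTTP
smuggling research: proxy and SAP backend disagreeing on where one request
ends and the next begins. A request with ambiguous body length is refused
before it is forwarded, and the reason is returned so it can be logged.
"""
import re
from typing import List, Optional, Tuple


def parse_head(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw request head into the request line and lower-cased
    (name, value) pairs. Whitespace inside or around a header name is
    treated as malformed, because parsers disagree on how to handle it."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip() or " " in name:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.lower(), value.strip()))
    return lines[0], headers


def framing_problem(raw: bytes) -> Optional[str]:
    """Return why the body framing is ambiguous, or None if it is sound."""
    try:
        _, headers = parse_head(raw)
    except ValueError as exc:
        return str(exc)
    cls = [v for n, v in headers if n == "content-length"]
    tes = [v for n, v in headers if n == "transfer-encoding"]
    if cls and tes:
        return "both Content-Length and Transfer-Encoding present"
    if any(not re.fullmatch(r"[0-9]+", v) for v in cls):
        return "non-numeric Content-Length"
    if len(set(cls)) > 1:
        return "conflicting Content-Length values"
    if tes and tes[-1].split(",")[-1].strip().lower() != "chunked":
        return "Transfer-Encoding does not end with chunked"
    return None
```

A proxy that forwards only requests for which `framing_problem` returns `None` removes the ambiguity a desync attack needs, and the returned reason is the field a SIEM rule would key on.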

SAP applications are widely used by businesses, including in the healthcare sector. Once vulnerabilities are disclosed, attackers can readily exploit them to gain access to applications, steal data, or paralyze business systems. In many cases, the first exploitation of SAP vulnerabilities occurs within 72 hours of patches being released.

SAP applications are used to run business processes, and in healthcare those applications frequently hold protected health information (PHI). Vulnerabilities in SAP software could therefore be exploited to steal patient records.

SAP and Onapsis have urged all organizations running vulnerable SAP applications to apply the patches promptly to prevent exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert about the vulnerabilities recommending rapid patching. Organizations should prioritize patching affected systems that are exposed to untrusted networks, including the Internet. Onapsis has released a free, open-source scanning tool that organizations can use to determine whether they are susceptible to ICMAD exploits.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of the HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also holds a postgraduate degree in journalism. You can follow Elizabeth on Twitter at https://twitter.com/ElizabethHzone