Exploring ICMAD Vulnerabilities

Onapsis partners with SAP to swiftly detect and address critical ICMAD vulnerabilities, ensuring the protection of your vital systems. These newly identified security risks within SAP’s Internet Communication Manager demand immediate attention and decisive action.

On Thursday, August 18th, the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability, CVE-2022-22536, to its Known Exploited Vulnerabilities Catalog. Though this vulnerability was discovered earlier this year as part of joint research between Onapsis Research Labs and the SAP Product Security Response Team (PSRT), this validation from CISA shows that organizations should prioritize action immediately. If you’re ready to secure your ERP, visit our resource center.

Onapsis and SAP Collaborate for Swift Action and Protection

Given the criticality of these vulnerabilities, Onapsis would like to ensure that every SAP customer can check to see if they are exposed — and take steps to protect their business-critical SAP applications.

The Onapsis Research Labs and SAP Product Security Response Team (PSRT) collaborated to discover and patch three critical vulnerabilities that affected the Internet Communication Manager (ICM), a core component of SAP business applications. Given the widespread usage of the vulnerable technology component in SAP landscapes worldwide, this discovery will require immediate attention by most SAP customers.

The individual ICMAD vulnerabilities are identified as CVE-2022-22536, CVE-2022-22532, and CVE-2022-22533 — the first of which received the highest possible risk score, a 10 out of 10, while the other two received scores of 8.1 and 7.5, respectively. As a result, the U.S. Department of Homeland Security’s CISA has issued a Current Activity Alert.

Both SAP and Onapsis advise impacted organizations to immediately prioritize applying the Security Notes 3123396 and 3123427 to their affected SAP applications. If exploited, these vulnerabilities, dubbed ICMAD (Internet Communication Manager Advanced Desync), enable attackers to execute serious malicious activities on SAP users, business information, and processes, ultimately compromising unpatched SAP applications.

What Are the ICMAD SAP Vulnerabilities?

The ICMAD vulnerabilities are particularly critical because the issues exist by default in the SAP Internet Communication Manager (ICM). The ICM is one of the most important components of an SAP NetWeaver application server. It is present in most SAP products and is a critical part of the overall SAP technology stack, connecting SAP applications with the Internet.

Malicious actors can easily leverage the most critical vulnerability (CVSSv3 10.0) in unprotected systems; the exploit is simple and requires no previous authentication or preconditions, while the payload may be sent through HTTP(S), the most widely used network service to access SAP applications.

Global CERT Alerts

Numerous global organizations have issued alerts due to the potential threats associated with ICMAD vulnerabilities.

Threat Report: Who Is at Risk and How To Protect Your Business-Critical SAP Applications

Onapsis Research Labs’ thorough investigation of HTTP Response Smuggling over the last year led to the recent identification of the ICMAD vulnerabilities. Read the full threat report to understand:

  • What the three ICMAD vulnerabilities are
  • The potential business impact of exploitation
  • Recommendations to protect your business-critical SAP systems
  • New research into HTTP Response Smuggling techniques

Executive Briefing: Mitigating the ICMAD SAP Vulnerabilities

ON DEMAND

Richard Puckett, CISO of SAP, and Mariano Nuñez, CEO and Co-founder of Onapsis, discuss how the Onapsis Research Labs and SAP Product Security Response Team worked in close partnership to identify, assess, and patch critical ICMAD vulnerabilities — and what you need to do to mitigate the risk to your SAP applications. Watch this session to learn:

  • Details about the three zero-day vulnerabilities
  • The potential business impact of the ICMAD vulnerabilities
  • Recommendations for mitigation to keep your SAP systems protected

“What makes these vulnerabilities particularly critical for SAP customers is the fact that the issues are present by default in the ICM component.”

— Onapsis Research Labs

Frequently Asked Questions

I’m an SAP customer. How do I need to react to the ICMAD vulnerabilities?

Both SAP and Onapsis advise impacted organizations to prioritize applying the patches for Security Notes 3123396 and 3123427 to their affected SAP applications immediately.

For all SAP customers not currently using The Onapsis Platform, use our open-source tool to scan your system for vulnerabilities or schedule a complimentary 1:1 security briefing with an Onapsis expert to assess your potential exposure.

I’m an Onapsis customer. Am I protected from the ICMAD vulnerabilities?

The Onapsis Platform includes vulnerability assessment capabilities, detection rules, and alarms to continuously monitor malicious activity targeting these specific vulnerabilities as well as thousands of others. With the first release of February 2022 (2.2022.021), all Onapsis customers with Onapsis Assess and/or Onapsis Defend have the capabilities to protect their organizations against these critical issues.

If you have any questions, please do not hesitate to contact your Onapsis representative.