On August 18, 2022 the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability–CVE-2022-22536–to its Known Exploited Vulnerabilities Catalog. Though this vulnerability was discovered earlier this year, this validation from CISA shows that organizations should prioritize action immediately.
icmad
SAP Security Patch Day March 2022: SAP Focused Run Affected by Several Vulnerabilities
SAP has published 17 new and updated Security Notes on its March Patch Day. The most critical patch is for SAP Focused Run, with a CVSS 9.3 vulnerability which can lead to full compromise of the affected systems.
How Does HTTP Response Smuggling Work
Research from the Onapsis Research Labs in HTTP Response Smuggling led to the discovery of a set of critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM). In this blog, learn how HTTP Response Smuggling works.
5 Things To Know About the ICMAD Vulnerabilities in SAP Business-Critical Applications
Onapsis and SAP partnered on the discovery and mitigation of a set of critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM) component. Read along for five things you should know about the ICMAD vulnerabilities.
ICMAD: Critical Vulnerabilities in SAP Business Applications Require Immediate Attention
Onapsis Research Labs discovered a set of extremely critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM) component. This discovery requires immediate attention by most SAP customers.
SAP Security Patch Day February 2022: Severe HTTP Smuggling Vulnerabilities in SAP NetWeaver
SAP’s February Patch Tuesday brings new extremely critical vulnerabilities in all SAP applications that are based on SAP NetWeaver. SAP, CISA, and Onapsis strongly advise all impacted organizations to prioritize patching these affected systems as soon as possible.
Categories
The Defenders Digest
Onapsis CTO and Director of Threat Research monthly video recap all things ERP security.
Watch Now