The ICMAD Vulnerabilities: Who Is at Risk and How to Protect Your Business-Critical SAP Applications

February 4, 2022

Onapsis Research Labs’ thorough investigation of HTTP Response Smuggling over the last year led to the recent identification of the ICMAD vulnerabilities.
Read the threat report from Onapsis Research Labs to understand:

  • What the ICMAD vulnerabilities are
  • The potential business impact of exploitation, including session hijacking, theft of credentials, and full SAP system takeover
  • Recommendations to protect your business-critical SAP systems 
  • New research into HTTP Response Smuggling techniques

Onapsis worked closely with SAP’s Product Security Response Team to discover and patch these critical vulnerabilities. Both companies believe that all unpatched SAP applications are at risk and strongly advise all impacted organizations to prioritize patching these affected systems as soon as possible.

For more information about the ICMAD SAP vulnerabilities, deep research from the Onapsis Research Labs, and an executive threat briefing, visit