Skip to the content.

Auth bypass in SAP

08 Feb 2022 - Patrick Hulshof

On Tuesday, February 8, 2022, SAP published a notice detailing a major request smuggling flaw (CVE-2022-22536) within their SAP NetWeaver, SAP Content Server, and SAP Web Dispatcher products, which SAP claims could lead to authentication bypass. The DIVD opened case DIVD-2022-00010 to address this vulnerability in SAP that results in the threat that cloud lead to authentication bypass.

In the coming days the DIVD will be scanning worldwide to identify vulnerable versions of SAP servers and send notifications to our information sharing partners and individual network administrators.

Last modified: 18 Jan 2023 13:28