关联漏洞
标题:
SAP多个产品环境问题漏洞
(CVE-2022-22536)
描述:SAP NetWeaver Application Server Java等都是德国思爱普(SAP)公司的产品。SAP NetWeaver Application Server Java是一款提供了Java运行环境的应用程序服务器。SAP NetWeaver Application Server是一款应用程序服务器。SAP ERP是一系列用于ERP管理的软件。SAP CRM是一个客户关系管理系统。Sap Crm Web Channel等都是德国思爱普(Sap)公司的产品。Sap Crm Web Chann
描述
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
文件快照
id: CVE-2022-22536
info:
name: SAP Memory Pipes (MPI) Desynchronization
author: pdteam
severi
...
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。