Skip to content

Joris van de Vis

hacking

Details about SAP vulnerability CVE-2022-22536 – Request smuggling

In SAP’s patch round of February 2022, an SAP Security Note was released with a CVSS score of 10/10 named, “Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher”. This particular type of vulnerability is not common in SAP systems and therefore interesting to look at. As patching the SAP kernel executables is often not done promptly, we can expect this vulnerability present in the customer’s systems for quite some time.

SAP-SIEM image

How to avoid huge and fluctuating SAP-SIEM data costs

For real-time SAP Threat Detection, it is quite common to monitor SAP systems from a Security Operations Centre (SOC) by using central SIEM solutions. However, traditionally, these SIEM solutions are not ‘SAP-aware’ and should be fed with SAP security-relevant data to get the most out of them and secure the entire organization.