SAP ICM vulnerability allows theft of credentials and session information, which can be used to launch ransomware and steal sensitive data.

Security researchers, enterprise software maker SAP, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings over a critical vulnerability affecting Internet Communication Manager (ICM), a core component of SAP business applications that enables HTTPS communications. Tracked as CVE-2022-22536, the vulnerability allows attackers to use malformed packets to trick SAP servers into exposing sensitive data without needing to authenticate, according to Onapsis Research Labs. A security patch is available and organizations are urged to update as soon as possible.

Exploitation possible via simple HTTP request

In a report, Onapsis stated that the vulnerability can be exploited via an attack known as HTTP request smuggling, which can be used to steal credentials and session information from unpatched SAP servers even if the servers are placed behind proxies. “A simple HTTP request, indistinguishable from any other valid message and without any kind of authentication, is enough for a successful exploitation,” it added.

A post on SAP’s website confirmed the severity of the issue, which was announced at the same time as two other, less serious SAP vulnerabilities tracked as CVE-2022-22532 and CVE-2022-22533. “If your organization’s program was exploited, these vulnerabilities, a.k.a. ‘ICMAD,’ will enable attackers to execute serious malicious activity on SAP users, business information, and processes,” SAP said.

Security patch available, ransomware and data theft among exploit risks

SAP released a security patch for CVE-2022-22536 on February 9, and while the firm stated it is not aware of any related customer breaches, businesses should update SAP applications as soon as possible due to the vast use of the vulnerable component and the potential for exploitation.
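The request smuggling technique described above works because a front-end proxy and the back-end server can disagree on where one HTTP request ends and the next begins, which is why the report notes that a proxy in front of the server is not a defence. The following Python script is an added example, not code from the article, SAP, Onapsis or CISA, and it does not reproduce the ICM bug itself; it is a generic proxy- or WAF-side check that flags requests whose body framing is ambiguous (Content-Length alongside Transfer-Encoding, conflicting duplicate Content-Length headers, obfuscated Transfer-Encoding values, whitespace in header names). The sample requests, paths and hostnames are constructed placeholders.

```python
"""Defender-side check for ambiguous HTTP/1.1 request framing.

Added example; not the article's, SAP's or Onapsis's code and not a
reproduction of CVE-2022-22536. It flags the generic precondition that
HTTP request smuggling relies on: a request whose body length two
different parsers (edge proxy vs. back end) could read differently.
Usable as a WAF/proxy hook or to replay captured requests offline.
"""
import re


def parse_request(raw: bytes):
    """Split a raw request into (request_line, headers).

    headers is a list of (normalized_name, raw_name, value) preserving
    order and duplicates; value keeps trailing whitespace on purpose so
    obfuscations such as 'chunked ' remain visible.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        raw_name, _, raw_value = line.partition(b":")
        raw_name = raw_name.decode("latin-1")
        value = raw_value.decode("latin-1").lstrip(" \t")
        headers.append((raw_name.strip().lower(), raw_name, value))
    return request_line, headers


def framing_findings(raw: bytes) -> list[str]:
    """Return reasons the request's body framing is ambiguous ([] if clean)."""
    _, headers = parse_request(raw)
    cl = [v for n, _, v in headers if n == "content-length"]
    te = [v for n, _, v in headers if n == "transfer-encoding"]
    findings = []
    if cl and te:
        # RFC 7230 says TE wins, but a parser that prefers CL desyncs here.
        findings.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        findings.append("conflicting duplicate Content-Length values")
    for v in cl:
        if not re.fullmatch(r"[0-9]+", v):
            findings.append(f"non-numeric Content-Length: {v!r}")
    for v in te:
        if v.strip().lower() == "chunked" and v != "chunked":
            # e.g. trailing space or mixed case: one parser sees chunked, another does not
            findings.append(f"obfuscated Transfer-Encoding: {v!r}")
        elif v.strip().lower() != "chunked":
            findings.append(f"unexpected Transfer-Encoding: {v!r}")
    for _, raw_name, _ in headers:
        if raw_name != raw_name.strip():
            # 'Transfer-Encoding : chunked' or a leading-space name
            findings.append(f"whitespace around header name: {raw_name!r}")
    return findings


def is_ambiguous(raw: bytes) -> bool:
    """Convenience predicate: True if the request should be rejected at the edge."""
    return bool(framing_findings(raw))


# Constructed sample requests (not captured traffic); host and path are placeholders.
SAMPLES = {
    "clean": b"POST /app HTTP/1.1\r\nHost: example.invalid\r\nContent-Length: 5\r\n\r\nhello",
    "cl_and_te": (b"POST /app HTTP/1.1\r\nHost: example.invalid\r\n"
                  b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"),
    "te_trailing_space": (b"POST /app HTTP/1.1\r\nHost: example.invalid\r\n"
                          b"Transfer-Encoding: chunked \r\n\r\n0\r\n\r\n"),
    "dup_cl": (b"POST /app HTTP/1.1\r\nHost: example.invalid\r\n"
               b"Content-Length: 4\r\nContent-Length: 11\r\n\r\nhello world"),
}


def scan_samples() -> dict[str, list[str]]:
    """Run the check over every constructed sample; returns name -> findings."""
    return {name: framing_findings(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        verdict = "REJECT" if findings else "ok"
        print(f"{name:18} {verdict:7} {'; '.join(findings)}")
```

Rejecting or normalizing such requests at the edge is a standard, back-end-agnostic hardening step, but it is a complement to, not a substitute for, applying SAP's patch for CVE-2022-22536.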
“As we have observed through recent threat intelligence, threat actors are actively targeting business-critical applications like SAP and have the expertise and tools to carry out sophisticated attacks,” commented Mariano Nunez, Onapsis CEO and co-founder.

CISA warned that impacted organizations could experience theft of sensitive data, financial fraud, disruption of mission-critical business processes, ransomware, and halt of operations if targeted.