On Tuesday, February 8th, SAP released security updates to remediate critical vulnerabilities affecting SAP applications that use SAP Internet Communication Manager (ICM). Three vulnerabilities were found by security research firm Onapsis: CVE-2022-22536, CVE-2022-22532, and CVE-2022-22533, sporting CVSS scores of 10 (the highest possible), 8.1, and 7.5, respectively.
The vulnerabilities have been dubbed Internet Communication Manager Advanced Desync (ICMAD). CISA warns that, if they are exploited, organizations risk data theft, financial fraud, disruption of critical business processes, ransomware, or a complete operational halt.
The ICMAD vulnerabilities are particularly dangerous because ICM is vulnerable in its default configuration and is used in most SAP products to connect them to the internet. CVE-2022-22536 is the most severe, as reflected by its 10/10 CVSS score: an attacker can exploit it over HTTP(S) with no authentication at all.
Recommended Remediation
If you believe your organization is at risk, prioritize patching the vulnerable applications immediately using notes 3123396 and 3123427 on the SAP Security Update page. If you are unsure whether your organization is affected, Onapsis has created a Python-based scanner to help detect CVE-2022-22536. Please note that this scanner is a best-effort tool and may not be 100% accurate.
Automox for Easy IT Operations
Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.
Demo Automox and join thousands of companies transforming IT operations into a strategic business driver.