SAP ICM vulnerability allows theft of credentials and session information, which can be used to launch ransomware and steal sensitive data. Credit: Thinkstock Security researchers, enterprise software maker SAP, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings over a critical vulnerability affecting Internet Communication Manager (ICM), a core component of SAP business applications that enables HTTPS communications. Tracked as CVE-2022-22536, the vulnerability allows attackers to use malformed packets to trick SAP servers into exposing sensitive data without needing to authenticate, according to Onapsis Research Labs. A security patch is available and organizations are urged to update as soon as possible.Exploitation possible via simple HTTP requestIn a report, Onapsis stated that the vulnerability can be exploited via an attack known as HTTP request smuggling, which can be used to steal credentials and session information from unpatched SAP servers even if servers are placed behind proxies. “A simple HTTP request, indistinguishable from any other valid message and without any kind of authentication, is enough for a successful exploitation,” it added.A post on SAP’s website confirmed the severity of the issue, which was announced at the same time as two other, less serious SAP vulnerabilities tracked as CVE-2022-22532 and CVE-2022-22533. “If your organization’s program was exploited, these vulnerabilities, a.k.a. “ICMAD,” will enable attackers to execute serious malicious activity on SAP users, business information, and processes,” SAP said.Security patch available, ransomware and data theft among exploit risksSAP released a security patch for CVE-2022-22536 on February 9, and while the firm stated it is not aware of any related customer breaches, businesses should update SAP applications as soon as possible due to the vast use of the vulnerable component and potential for exploitation. “As we have observed through recent threat intelligence, threat actors are actively targeting business-critical applications like SAP and have the expertise and tools to carry out sophisticated attacks,” commented Mariano Nunez, Onapsis CEO and co-founder. CISA warned that impacted organizations could experience theft of sensitive data, financial fraud, disruption of mission-critical business processes, ransomware, and halt of operations if targeted. Related content brandpost How an integrated platform approach improves OT security By Richard Springer Sep 26, 2023 5 mins Security news Teachers urged to enter schoolgirls into UK’s flagship cybersecurity contest CyberFirst Girls aims to introduce girls to cybersecurity, increase diversity, and address the much-maligned skills shortage in the sector. By Michael Hill Sep 26, 2023 4 mins Back to School Education Industry IT Training news CREST, IASME to deliver UK NCSC’s Cyber Incident Exercising scheme CIE scheme aims to help organisations find quality service providers that can advise and support them in practising cyber incident response plans. By Michael Hill Sep 26, 2023 3 mins IT Governance Frameworks Incident Response Data and Information Security news Baffle releases encryption solution to secure data for generative AI Solution uses the advanced encryption standard algorithm to encrypt sensitive data throughout the generative AI pipeline. By Michael Hill Sep 26, 2023 3 mins Encryption Generative AI Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe