As part of SAP's February Patch Day update, a number of critical vulnerabilities have been announced, some of which are being actively targeted by attackers. Of these, CVE-2022-22536 and CVE-2022-22532 can be mitigated by advanced shields, which are deployed on request and only to the vulnerable systems that need them. If you have vulnerable SAP systems and are unable to patch, please contact RedShield support urgently to have these shields deployed to the affected sites. See below for details on determining whether you're vulnerable.
Vulnerabilities related to Log4j are all covered by existing shields, which are already applied to all sites in blocking mode. The remaining vulnerabilities announced are in client-side tools rather than websites and are out of scope for shielding. Please see SAP's Patch Day announcement for further details.
How do I know if I'm vulnerable?
The best way to know if you're vulnerable is to check whether you're running any of the following affected products and kernel releases:
- SAP Web Dispatcher, Versions - 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87
- SAP Content Server, Version - 7.53
- SAP NetWeaver and ABAP Platform, Versions - KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49
- SAP NetWeaver Application Server Java, Versions - KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53
All of these are vulnerable. Note that these are kernel release families: a system on one of these releases that has already received SAP's corrective kernel patch is no longer affected, so compare the kernel patch level against SAP's note as well as the release. Alternatively, if you are unable to check which version is running, Onapsis has released a Python script that can be run against relevant sites to test for the vulnerability. If you would like RedShield to run it against your servers, please let us know which sites to include. Checking the versions in use directly on the server is the more accurate and lower-risk approach, so prefer it where possible.
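As an added example (not part of this notice, and not the Onapsis script), the following Python parses the version banner that `disp+work -version` or `sapwebdisp -v` prints on the server and checks the kernel release against the affected release families listed above. The sample banner is constructed for this example; the mapping of an `_EXT` make variant to the page's `7.22EXT` notation and the exact spacing of the banner fields are assumptions about the tool output. Because this notice lists release families and not fixed patch levels, the check is deliberately conservative: it reports whether the release is in an affected family and surfaces the patch number for you to compare against SAP's note, rather than claiming a system is safe.

```python
import re

# Union of the affected kernel releases quoted in the version lists above,
# written in the page's own notation (e.g. "7.53", "7.22EXT").
AFFECTED_RELEASES = {
    "7.22", "7.22EXT", "7.49", "7.53", "7.77", "7.81", "7.85", "7.86", "7.87", "8.04",
}

# Constructed sample of `disp+work -version` output. Real output carries more
# lines (compiler, build date, ...); only the three fields parsed below matter.
SAMPLE_OUTPUT = """\
--------------------
disp+work information
--------------------

kernel release                753

kernel make variant           753_REL

compiled for                  64 BIT

compilation mode              UNICODE

update level                  0

patch number                  900
"""

# One "label   value" line per field; the banner separates them with a run of spaces.
FIELD_RE = re.compile(
    r"^(kernel release|kernel make variant|patch number)[ \t]{2,}(\S+)[ \t]*$",
    re.MULTILINE,
)


def parse_version_output(text):
    """Extract the version fields from disp+work / sapwebdisp banner text.

    Raises ValueError if the mandatory fields are absent, so a truncated or
    unrelated file is never silently treated as 'not affected'.
    """
    fields = {m.group(1): m.group(2) for m in FIELD_RE.finditer(text)}
    missing = {"kernel release", "patch number"} - set(fields)
    if missing:
        raise ValueError(f"could not find {sorted(missing)} in version output")
    return fields


def normalise_release(release, make_variant=""):
    """Map the kernel's three-digit release ('753') to the page's notation ('7.53').

    Assumption: a kernel built as the 7.22 extended kernel identifies itself with
    an '_EXT' make variant (e.g. '722_EXT_REL'); that is mapped to '7.22EXT'.
    """
    if not re.fullmatch(r"\d{3}", release):
        raise ValueError(f"unexpected kernel release format: {release!r}")
    dotted = f"{release[0]}.{release[1:]}"
    if "_EXT" in make_variant.upper():
        dotted += "EXT"
    return dotted


def assess(text):
    """Return the normalised release, the patch number and whether the release
    is one of the affected families listed on this page."""
    fields = parse_version_output(text)
    release = normalise_release(
        fields["kernel release"], fields.get("kernel make variant", "")
    )
    return {
        "release": release,
        "patch_number": int(fields["patch number"]),
        "in_affected_release_family": release in AFFECTED_RELEASES,
    }


if __name__ == "__main__":
    # Run on a server as e.g.: disp+work -version | python3 check_sap_release.py
    import sys
    banner = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    result = assess(banner)
    status = "in an AFFECTED release family" if result["in_affected_release_family"] else "not in a listed release family"
    print(f"kernel {result['release']} patch {result['patch_number']}: {status}")
```

Run it on the server itself, feeding it the real banner via stdin, so no test traffic is sent to the ICM. A result of "in an affected release family" means the system needs its patch level compared with SAP's note (or a shield deployed); a release outside the list is only not affected by the vulnerabilities this notice covers.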