A Python script that can be used to check if a SAP system is affected by CVE-2022-22536

Overview

Vulnerability assessment for CVE-2022-22536

This repository contains a Python script that can be used to check if a SAP system is affected by CVE-2022-22536, a critical vulnerability rated with CVSSv3 Score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). This vulnerability was discovered by the Onapsis Research Labs, which closely collaborated with SAP to develop and release a patch on February 8, 2022. Onapsis would like to thank the SAP Product Security Response Team (PSRT) for their collaboration and timely response. The two teams worked tirelessly to ensure that a timely fix was available to all SAP customers as soon as possible.

Considering the number of potential vulnerable internet-facing SAP systems and the sensitivity of the data and processes typically supported by these systems, Onapsis decided to develop and release this open-source tool as quickly as possible. The goal is to help the information security and administration teams at all SAP customers protect their mission-critical applications by enabling them to assess their exposure and evaluate whether their SAP are affected by this vulnerability. This tool can:

  • Perform a best-effort, black-box scan of your SAP application(s) to quickly assess if they may be vulnerable to CVE-2022-22536.

This tool cannot:

  • Guarantee with 100% accuracy whether your SAP applications are vulnerable or not.

There are, however, several known limitations of this tool and its usage should not be considered a guarantee that SAP applications are not affected by CVE-2022-22536. Several conditions can affect the state of the assessed applications, resulting in false positives and/or false negatives.

How to use this tool

Testing for SAP Systems affected by CVE-2022-22536

To test if your SAP ABAP or SAP JAVA systems are affected follow these steps:

  1. Clone this repository

  2. In the src you'll find a Python script called ICMAD_scanner.py.

  3. You can execute it running python ICMAD_scanner.py -H -P

  4. You can use python ICMAD_scanner.py -h to check for other options. The script supports systems using HTTP(s).

Scenarios supported

This tool has been tested in the following scenarios:

Direct testing against a SAP System

This tool provided realible results when used to test systems directly. This means with no HTTP(s) proxy device between the host executing the test and the target SAP system.

SAP WEB Dispatcher as Proxy

This tool provided reliable results when the SAP system under test was behind a SAP Web Dispatcher.

Other configurations / Proxies

This tool was not tested in any other environment or with any other proxy. Reliable results in any other scenario than the mentioned above are not guaranteed.

Additional Resources

For additional information about CVE-2022-22536 vulnerability, the potential business impact, the affected versions and other data points, please review the Threat Report and information available here: Onapsis and SAP Partner to Discover and Patch Critical ICMAD Vulnerabilities

The following SAP Notes provide additional information around patch and mitigations:

  • 3123396 - [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher
  • 3137885 - Workaround for security SAP note 3123396
  • 3138881 - wdisp/additional_conn_close workaround for security SAP note 3123396
Owner
Onapsis Inc.
Onapsis open source projects
Onapsis Inc.
adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.

adb - An exploitation tool for android devices. A tool that allows you to search for vulnerable android devices across the world and exploit them. Fea

136 Jan 02, 2023
client attack remotely , this script was written for educational purposes only

client attack remotely , this script was written for educational purposes only, do not use against to any victim, which you do not have permission for it

9 Jun 05, 2022
This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.

RemoteMouse-3.008-Exploit The RemoteMouse application is a program for remotely controlling a computer from a phone or tablet. This exploit allows to

Podalirius 25 Dec 04, 2022
List of S3 Hacks

s3-leaks List of AWS S3 Leaks Feel free to send in a PR if you know of other leaks Date Description Notes Aug2020 S3 bucket mess up exposed 182GB of s

Nag 291 Dec 28, 2022
This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

f5-waf-enforce-sigs-CVE-2021-44228 This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device Overview This script enforce

Ismael Gonçalves 5 Mar 31, 2022
Proof of Concept Exploit for vCenter CVE-2021-21972

CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972

Horizon 3 AI Inc 210 Dec 31, 2022
Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. (Released due to exposure)

HCaptcha-Bypass Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. Not working? If it is not seeming to work for you

Dropout 17 Aug 23, 2021
CVE-2021-26855 SSRF Exchange Server

CVE-2021-26855 Brute Force EMail Exchange Server Timeline: Monday, March 8, 2021: Update Dumping content...(I'm not done, can u guy help me done this

lulz 117 Nov 28, 2022
Exploit grafana Pre-Auth LFI

Grafana-LFI-8.x Exploit grafana Pre-Auth LFI How to use python3

2 Jul 25, 2022
Python library to prevent XSS(cross site scripting attach) by removing harmful content from data.

A tool for removing malicious content from input data before saving data into database. It takes input containing HTML with XSS scripts and returns va

2 Jul 05, 2022
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Matt Creel 27 Dec 20, 2022
EMBArk - The firmware security scanning environment

Embark is being developed to provide the firmware security analyzer emba as a containerized service and to ease accessibility to emba regardless of system and operating system.

emba 175 Dec 14, 2022
Generate your own NFTs and their metadata based on your desired probabilities.

Generate your own NFTs and their metadata based on your desired probabilities. Use your own art assets too! Perfect for use with Candy Machine.

hex 7 Sep 16, 2022
Mass scan for .git repository and .env file exposure

Mass .Git repository and .Env file Scan by Scarmandef Scanner to find .env file and .git repository exposure on multiple hosts Because of the response

8 Jun 23, 2022
Springboot directory scanning

Springboot directory scanning

WINEZERO 87 Dec 28, 2022
A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

11 Nov 15, 2022
Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

CVE-2021-29440 Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10 Grav is a file based Web-platform. Twig processing of static p

Enox 6 Oct 10, 2022
PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe

PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe with additional features such as malware checker/detector! Also checks file(s) for suspicious words, dis

Rdimo 56 Jul 31, 2022
ssh-audit is a tool for ssh server & client configuration auditing.

SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Joe Testa 1.4k Dec 31, 2022
PasswordManager is a command-line program that helps you manage your secret files like passwords

PasswordManager is a command-line program that helps you manage your secret files like passwords. It's very minimalistic and easy to use.

Michael 3 Dec 30, 2021