This blog was originally published by Onapsis on February 8, 2022.
Written by JP Perez-Etchegoyen and the Onapsis Research Labs.
Detailed research from the Onapsis Research Labs throughout 2021 around HTTP Response Smuggling led to the recent discovery of a set of extremely critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM) component, which we have collectively dubbed ICMAD (Internet Communication Manager Advanced Desync), for short. This discovery will require immediate attention by most SAP customers, given the widespread usage of the vulnerable technology component in SAP landscapes around the world.
Download the Report: Onapsis and SAP Partner to Discover and Patch Critical ICMAD Vulnerabilities
https://cloudsecurityalliance.org/blog/2022/02/14/icmad-critical-vulnerabilities-in-sap-business-applications-require-immediate-attention/
------------------------------
Shamun Mahmud
Standards Officer, Sr. Research Analyst
Cloud Security Alliance
WA
------------------------------