vendor: SAP NetWeaver Application Server
by: Victor de Queiroz
CVSS: 6.1 HIGH
HTTP Request Smuggling
CWE: 200
Product Name: SAP NetWeaver Application Server
Affected Version From: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53, SAP Web Dispatcher
Affected Version To: Unknown
Patch Exists: YES
Related CVE: CVE-2022-22536
CPE: a:sap:sap_netweaver_application_server_abap
Metasploit:
Other Scripts:
Platforms Tested: Red Hat Enterprise Linux (RHEL)
2025

SAPGateBreaker Exploit – CVE-2022-22536 – HTTP Request Smuggling Through SAP’s Front Door

The SAPGateBreaker exploit leverages CVE-2022-22536 to perform HTTP Request Smuggling on SAP NetWeaver Application Server. This exploit allows for ACL bypass and internal access through a Content-Length-based technique.

Mitigation:

Apply the patches provided by SAP. Monitoring and filtering incoming requests can also help prevent exploitation.

Exploit-DB raw data: