CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog
2022-08-20 14:19

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday moved to add a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

The issue in question is CVE-2022-22536, which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch Tuesday updates for February 2022.

Described as an HTTP request smuggling vulnerability, the shortcoming impacts the following product versions -.

The agency has added new flaws disclosed by Apple and Google this week as well as previously documented Microsoft-related bugs and a remote code execution vulnerability in Palo Alto Networks PAN-OS that was disclosed in 2017.

CVE-2022-21971 is a remote code execution vulnerability in Windows Runtime that was resolved by Microsoft in February 2022.

The CISA notification, as is traditionally the case, is light on technical details of in-the-wild attacks associated with the vulnerabilities to avoid threat actors taking further advantage of them.


News URL

https://thehackernews.com/2022/08/cisa-adds-7-new-actively-exploited.html

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK

2022-02-09 | CVE-2022-22536 | HTTP Request Smuggling vulnerability in SAP products | critical, 10.0
    Description: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation.
    Attack vector: network; complexity: low; vendor: sap; weakness: CWE-444

2022-02-09 | CVE-2022-21971 | Access of Uninitialized Pointer vulnerability in Microsoft products | 7.8
    Description: Windows Runtime Remote Code Execution Vulnerability
    Attack vector: local; complexity: low; vendor: microsoft; weakness: CWE-824