CISA Warns Admins To Patch SAP Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has warned administrators to patch their systems against a number of security flaws.

The vulnerabilities are identified as Internet Communication Manager Advanced Desync (ICMAD). These flaws impact the SAP business app using Internet Communication Manager (ICM).

The three ICMAD flaws include CVE-2022-22536, which is classified as a maximum severity problem, and two others, which are tracked as CVE-2022-22532 and CVE-2022-22533.

The SAP Product Security Response Team (PSRT) alongside Onapsis worked together to create the security patches for the vulnerabilities.

Failure to patch the flaws means organizations are ultimately exposed to data theft, risks of financial fraud, disruptions to mission-critical business processes, ransomware attacks, and others.

After successfully exploiting the ICMAD bugs, attackers can perform several actions against SAP users, including stealing credentials, triggering denials of service, executing code remotely, and compromising any unpatched SAP applications.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web