Application Development Blog Posts
Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.

Security risks online continue to grow at an alarming rate as malicious actors take advantage of the digital revolution. In 2021 the number of software supply chain attacks tripled, underlining the need for constant security vigilance. As the global leader in business software, SAP bases its development processes on a comprehensive enterprise-wide security strategy that relies on training, tools, and processes to deliver secure products and services. SAP remains committed to engaging and collaborating with key partners to provide our customers with the most secure environment possible.

As part of this ongoing commitment, the SAP Product Security Response Team collaborated with Onapsis Research Labs to discover and patch three critical memory corruption vulnerabilities affecting the Internet Communication Manager (ICM). Because ICM is a core component of SAP business applications, Onapsis, the leader in business-critical application cybersecurity and compliance, and SAP patched these vulnerabilities promptly.

SAP released three patches covering all impacted systems, and Onapsis provided a free open-source vulnerability scanner tool so that affected SAP customers can check their systems and address these issues immediately.

If your organization runs affected systems, SAP and Onapsis advise prioritizing Security Note 3123396 [CVE-2022-22536], which addresses the most severe of the three vulnerabilities (CVSS 10.0), and applying it to the affected SAP applications immediately. If exploited, these vulnerabilities, collectively known as "ICMAD," allow attackers to carry out serious malicious activity against SAP users, business information and processes.

As stated by Richard Puckett, SAP's Chief Information Security Officer, "joining forces with partners helps us maintain secure solutions for our global customer base. It is through collaboration with key partners like Onapsis that SAP customers can protect their businesses."

"These vulnerabilities can be exploited over the internet and without the need for attackers to be authenticated in the target systems, which makes them very critical," said Mariano Nunez, CEO and co-founder of Onapsis. "We applaud SAP for their rapid response and working with Onapsis Research Labs after being notified by our experts. From swiftly issuing patches, to working with our team to test the efficacy of those patches, to proactively notifying impacted customers and the broader security community, SAP is setting the bar for what vulnerability disclosure and response looks like and how working with trusted partners like Onapsis better protects its customers."

What are the ICMAD Vulnerabilities?

ICM is the SAP component that handles HTTP(S) communication for SAP systems, so it sits on the path of every web request reaching an SAP application server. Because ICM is exposed to the internet and to untrusted networks by design, and because these vulnerabilities can be triggered without authentication, flaws in this component carry an elevated level of risk compared with vulnerabilities in components that are only reachable after login.

Recommendations Moving Forward

SAP and Onapsis are currently unaware of any customer breaches related to these vulnerabilities, but strongly advise impacted organizations to apply Security Note 3123396 [CVE-2022-22536] to their affected SAP applications as soon as possible.

"As we have observed through recent threat intelligence, threat actors are actively targeting business-critical applications like SAP and have the expertise and tools to carry out sophisticated attacks," said Nunez. "The discovery and patching of the ICMAD vulnerabilities, as well as those previously identified by Onapsis Research Labs such as RECON and 10KBLAZE, are essential to protecting the business-critical applications that power 92% of the Forbes Global 2000. I am proud of the work our researchers have done to bring these vulnerabilities to light so they could be mitigated, and commend SAP for their response and collaboration."

To learn more about these vulnerabilities, join the upcoming webinar and download Onapsis' latest threat report. SAP invites all customers to visit our Patch Day Wiki for the latest information about patches for SAP systems.

For more information about Onapsis Research Labs and details about its research, visit: