If a request passes through multiple SAP Web Dispatchers on its way, then this must be implemented in all SAP Web Dispatchers of this chain.Ģ. SAP Web Dispatcher has to be patched and the parameter wdisp/additional_conn_close=TRUE has to be set in the SAP Web Dispatcher. The workarounds are described in note 3137885.ĮDIT: On MaSAP released the emergency SP Stack Kernel 7.22 PL 1101.Īfter gathering and evaluating all current available information, I came to the following recommendation for remediating this vulnerability in the various affected scenarios: For ABAP systems or SAP Content Server behind SAP Web Dispatcher:ġ. SAP released the security note 3123396 and later on the FAQ note 3148968. On 8th of February 2022, SAP Security Patch Day a vulnerability in the Internet communication manager (ICM) was disclosed. Monday Feb 14, 2022: updated section For ABAP or JAVA systems systems or SAP Content Server behind load balancer / reverse proxy from other vendors. Wednesday Feb 16, 2022: updated section For JAVA systems behind SAP Web Dispatcher. Tuesday Feb 17, 2022: added section describing the impact of the workaround. Thursday Feb 24, 2022: added details to the section describing the impact of the workaround to AS Java systems. Tuesday Mar 22, 2022: added info about emergency SP Stack Kernel 7.22.
0 Comments
Leave a Reply. |