Alert status HIGH Background / What has happened? The ACSC is aware of a vulnerability (CVE-2022-22536) affecting SAP products that use certain versions of SAP Internet Communication Manager (ICM). These products include: • SAP Web Dispatcher • SAP Content Server • SAP NetWeaver and ABAP Platform Successful exploitation of this vulnerability could allow an unauthenticated malicious actor to impersonate users of a vulnerable SAP system. Exploitation could result in disrupted operations, data theft, fraud, ransomware or denial-of-service against critical systems. Mitigation / How do I stay secure? Australian organisations should review their networks for use of vulnerable instances of SAP and apply the vendor’s patches as a high priority. Refer to the SAP Security Patch Day Advice for further information on impacted product versions. Assistance / Where can I go for help? The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.