We’re aware of a critical vulnerability affecting SAP Internet Communication Manager (ICM), which is a core component of multiple SAP business applications that schools may use, including:
- SAP NetWeaver Application Server ABAP
- SAP NetWeaver Application Server Java, ABAP Platform
- SAP Content Server 7.53
- SAP Web Dispatcher
For a list of affected software configurations, please see the link here.
The vulnerable products allow an attacker to have remote code execution, resulting in a complete compromise of the system.
If a school or kura is using a SAP product mentioned, please apply the latest security patch released: Security Note: 3123396
If you’re unsure of the software version of your SAP product there is an open-source tool that can be used to check if it’s affected by CVE-2022–22536, which can be found here. Your IT provider should also be able to help you.
If you have any questions or need further support please call us on 0800 LEARNING.