Overview
Explore a critical cybersecurity presentation from Black Hat that delves into exploiting inter-process communication vulnerabilities in SAP's HTTP server. Learn about two significant memory corruption vulnerabilities (CVE-2022-22536 and CVE-2022-22532) affecting SAP's Internet Communication Manager (ICM), which could potentially compromise any SAP installation worldwide. Discover the architecture of ICM, understand memory pipes and internal handlers, and witness a demonstration of how these vulnerabilities can be exploited. Gain insights into SAP's response to these issues and the broader implications for organizations relying on SAP software. This 39-minute talk by Martin Doyhenard offers valuable knowledge for cybersecurity professionals, SAP administrators, and anyone interested in understanding the complexities of securing enterprise software systems.
Syllabus
Introduction
Internet Communication Manager (ICM)
ICM Architecture
Memory Pipes
Internal handlers
Example of using internal handlers
First vulnerability
Example
ICM Features
ICM Example
Steps to reproduce
MPI Buffers
Demo
Modifying the response
SAP's response
Conclusions
Taught by
Black Hat