Exploiting Inter-Process Communication in SAP’s HTTP Server

Explore a critical security presentation from Ekoparty 2022 that unveils exploitable vulnerabilities in SAP's HTTP Server. Delve into the details of two memory corruption vulnerabilities (CVE-2022-22536 and CVE-2022-22532) discovered in the Internet Communication Manager (ICM), a core component handling HTTP requests for SAP deployments. Learn how these remotely exploitable flaws could be leveraged by unauthenticated attackers to compromise SAP installations worldwide. Gain insights into high-level protocol exploitation techniques and their potential impact on 90% of Fortune 500 companies relying on SAP software. Presented by Martin Doyhenard, a security researcher from Onapsis Research Labs, this talk offers valuable knowledge on Web stack security, reverse engineering, and binary analysis in the context of ERP systems.