Onapsis: Threat Report
Mitigating the Risk of New Vulnerabilities Affecting the SAP Internet Communication Manager Component
Executive Summary
Detailed research from the Onapsis Research Labs over the past year in HTTP Response Smuggling led to the discovery of a set of critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM), which we are referring to as ICMAD (Internet Communication Manager Advanced Desync). This discovery requires immediate attention by most SAP customers, given the widespread usage of the vulnerable technology component in SAP landscapes around the world.