We’re aware of a critical vulnerability affecting SAP Internet Communication Manager (ICM), which is a core component of multiple SAP business applications that schools may use, including:

  • SAP NetWeaver Application Server ABAP
  • SAP NetWeaver Application Server Java, ABAP Platform
  • SAP Content Server 7.53
  • SAP Web Dispatcher

For a list of affected software configurations, please see the link here.

The vulnerable products allow an attacker to have remote code execution, resulting in a complete compromise of the system.

If a school or kura is using a SAP product mentioned, please apply the latest security patch released: Security Note: 3123396

If you’re unsure of the software version of your SAP product there is an open-source tool that can be used to check if it’s affected by CVE-2022–22536, which can be found here. Your IT provider should also be able to help you.

If you have any questions or need further support please call us on 0800 LEARNING.