Vulnerability Monitor


CVE-2023-33987


An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a maliciously crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify information on the server or make it temporarily unavailable.


Published: 2023-07-11T03:15:09.450

Last Modified: 2024-11-21T08:06:21.403

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 8.6 (HIGH)

Weaknesses
  • Type: Primary
    CWE-444

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sap | web_dispatcher | 7.49 | Yes |
| Application | sap | web_dispatcher | 7.53 | Yes |
| Application | sap | web_dispatcher | 7.54 | Yes |
| Application | sap | web_dispatcher | 7.77 | Yes |
| Application | sap | web_dispatcher | 7.81 | Yes |
| Application | sap | web_dispatcher | 7.85 | Yes |
| Application | sap | web_dispatcher | 7.88 | Yes |
| Application | sap | web_dispatcher | 7.89 | Yes |
| Application | sap | web_dispatcher | 7.90 | Yes |
| Application | sap | web_dispatcher | hdb_2.00 | Yes |
| Application | sap | web_dispatcher | kernel_7.49 | Yes |
| Application | sap | web_dispatcher | kernel_7.53 | Yes |
| Application | sap | web_dispatcher | kernel_7.54 | Yes |
| Application | sap | web_dispatcher | kernel_7.77 | Yes |
| Application | sap | web_dispatcher | kernel_7.81 | Yes |
| Application | sap | web_dispatcher | kernel_7.85 | Yes |
| Application | sap | web_dispatcher | kernel_7.88 | Yes |
| Application | sap | web_dispatcher | kernel_7.89 | Yes |
| Application | sap | web_dispatcher | kernel_7.90 | Yes |
| Application | sap | web_dispatcher | krnl64nuc_7.49 | Yes |
| Application | sap | web_dispatcher | krnl64uc_7.49 | Yes |
| Application | sap | web_dispatcher | krnl64uc_7.53 | Yes |
| Application | sap | web_dispatcher | sap_extended_app_services_1 | Yes |
| Application | sap | web_dispatcher | xs_advanced_runtime_1.00 | Yes |
