SapCVE-2021-38162CVE-2021-38162
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
AI Score
Confidence
High
EPSS
Percentile
92.4%
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify any information on the server or consume server resources making it temporarily unavailable.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | web_dispatcher | 7.22ext | cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.49 | cpe:2.3:a:sap:web_dispatcher:7.49:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.53 | cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.77 | cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.81 | cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.83 | cpe:2.3:a:sap:web_dispatcher:7.83:*:*:*:*:*:*:* |
| sap | web_dispatcher | kernel_7.22 | cpe:2.3:a:sap:web_dispatcher:kernel_7.22:*:*:*:*:*:*:* |
| sap | web_dispatcher | krnl64nuc_7.22 | cpe:2.3:a:sap:web_dispatcher:krnl64nuc_7.22:*:*:*:*:*:*:* |
| sap | web_dispatcher | krnl64uc_7.22 | cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.22:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "SAP Web Dispatcher",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "WEBDISP - 7.49"
},
{
"status": "affected",
"version": "7.53"
},
{
"status": "affected",
"version": "7.77"
},
{
"status": "affected",
"version": "7.81"
},
{
"status": "affected",
"version": "KRNL64NUC - 7.22"
},
{
"status": "affected",
"version": "7.22EXT"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "KRNL64UC -7.22"
},
{
"status": "affected",
"version": "KERNEL - 7.22"
},
{
"status": "affected",
"version": "7.83"
}
]
}
]References
Social References
More
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
AI Score
Confidence
High
EPSS
Percentile
92.4%