SapCVE-2023-33987CVE-2023-33987
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
AI Score
Confidence
High
EPSS
Percentile
54.6%
An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify information on the server or make it temporarily unavailable.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | web_dispatcher | 7.49 | cpe:2.3:a:sap:web_dispatcher:7.49:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.53 | cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.54 | cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.77 | cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.81 | cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.85 | cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.88 | cpe:2.3:a:sap:web_dispatcher:7.88:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.89 | cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:* |
| sap | web_dispatcher | 7.90 | cpe:2.3:a:sap:web_dispatcher:7.90:*:*:*:*:*:*:* |
| sap | web_dispatcher | hdb_2.00 | cpe:2.3:a:sap:web_dispatcher:hdb_2.00:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "SAP Web Dispatcher",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "WEBDISP 7.49"
},
{
"status": "affected",
"version": "WEBDISP 7.53"
},
{
"status": "affected",
"version": "WEBDISP 7.54"
},
{
"status": "affected",
"version": "WEBDISP 7.77"
},
{
"status": "affected",
"version": "WEBDISP 7.81"
},
{
"status": "affected",
"version": "WEBDISP 7.85"
},
{
"status": "affected",
"version": "WEBDISP 7.88"
},
{
"status": "affected",
"version": "WEBDISP 7.89"
},
{
"status": "affected",
"version": "WEBDISP 7.90"
},
{
"status": "affected",
"version": "KERNEL 7.49"
},
{
"status": "affected",
"version": "KERNEL 7.53"
},
{
"status": "affected",
"version": "KERNEL 7.54 KERNEL 7.77"
},
{
"status": "affected",
"version": "KERNEL 7.81"
},
{
"status": "affected",
"version": "KERNEL 7.85"
},
{
"status": "affected",
"version": "KERNEL 7.88"
},
{
"status": "affected",
"version": "KERNEL 7.89"
},
{
"status": "affected",
"version": "KERNEL 7.90"
},
{
"status": "affected",
"version": "KRNL64NUC 7.49"
},
{
"status": "affected",
"version": "KRNL64UC 7.49"
},
{
"status": "affected",
"version": "KRNL64UC 7.53"
},
{
"status": "affected",
"version": "HDB 2.00"
},
{
"status": "affected",
"version": "XS_ADVANCED_RUNTIME 1.00"
},
{
"status": "affected",
"version": "SAP_EXTENDED_APP_SERVICES 1"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
AI Score
Confidence
High
EPSS
Percentile
54.6%