CVE-2021-33683

CWE-444 — HTTP Request Smuggling3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 67.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP WEB Dispatcher AND Internet Communication Manager SAP Internet Communication Manager SAP WEB Dispatcher

Timeline

PublishedJul 14

Latest updateMay 24

Description

SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5sap_se/sap_web_dispatcher_and_internet_communication_manager< KRNL32NUC 7.21+15

▶NVDsap/internet_communication_manager15 versions+14

▶NVDsap/web_dispatcher15 versions+14

🔴Vulnerability Details

GHSA

GHSA-wp36-xpj5-g4w9: SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7↗2022-05-24

▶

CVEList

CVE-2021-33683: SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7↗2021-07-14

▶