CVE-2021-38162

CWE-444 — HTTP Request Smuggling3 documents3 sources

Severity

9.4CRITICAL

EPSS

1.8%

top 17.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP WEB Dispatcher SAP WEB Dispatcher

Timeline

PublishedSep 14

Latest updateMay 24

Description

SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used t…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:LExploitability: 2.2 | Impact: 6.0

Affected Packages2 packages

▶NVDsap/web_dispatcher9 versions+8

▶CVEListV5sap_se/sap_web_dispatcher10 versions+9

🔴Vulnerability Details

GHSA

GHSA-r53f-vv7w-9v58: SAP Web Dispatcher versions - 7↗2022-05-24

▶

CVEList

CVE-2021-38162: SAP Web Dispatcher versions - 7↗2021-09-14

▶