CVE-2023-33987

Severity: 9.4 CRITICAL
EPSS: 0.2% (top 60.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 11

Description

An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a maliciously crafted request over a network to a front-end server which may,

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

Affected Packages (2 packages)

NVD: sap/web_dispatcher (24 versions)
CVEListV5: sap_se/sap_web_dispatcher (23 versions)

Vulnerability Details (2)

CVEList: Request smuggling and request concatenation in SAP Web Dispatcher (2023-07-11)
GHSA: GHSA-hp7v-3j27-4q36: An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7 (2023-07-11)