CVE-2023-35871

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.4CRITICAL

EPSS

0.6%

top 31.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP WEB Dispatcher SAP WEB Dispatcher

Timeline

PublishedJul 11

Description

The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to informati…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:HExploitability: 2.2 | Impact: 5.5

Affected Packages2 packages

▶NVDsap/web_dispatcher20 versions+19

▶CVEListV5sap_se/sap_web_dispatcher19 versions+18

🔴Vulnerability Details

CVEList

Memory Corruption vulnerability in SAP Web Dispatcher↗2023-07-11

▶

GHSA

GHSA-mq9c-rx7q-5jph: The SAP Web Dispatcher - versions WEBDISP 7↗2023-07-11

▶