Sap Web Dispatcher vulnerabilities

11 known vulnerabilities affecting sap/web_dispatcher.

Total CVEs
11
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL5HIGH3MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2024-33005MEDIUMCVSS 6.3vkernel_7.22vkernel_7.53+17 more2024-08-13
CVE-2024-33005 [MEDIUM] CWE-862 CVE-2024-33005: Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of th
nvd
CVE-2023-40309CRITICALCVSS 9.8v7.22extv7.53+4 more2023-09-12
CVE-2023-40309 [CRITICAL] CWE-863 CVE-2023-40309: SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as r
nvd
CVE-2023-40308HIGHCVSS 7.5v7.22extv7.53+4 more2023-09-12
CVE-2023-40308 [HIGH] CWE-787 CVE-2023-40308: SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to a SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
nvd
CVE-2023-33987CRITICALCVSS 9.4v7.49v7.53+22 more2023-07-11
CVE-2023-33987 [HIGH] CWE-444 CVE-2023-33987: An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.5 An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB
nvd
CVE-2023-35871CRITICALCVSS 9.4v7.53v7.54+18 more2023-07-11
CVE-2023-35871 [HIGH] CWE-787 CVE-2023-35871: The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7. The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that
nvd
CVE-2023-29108MEDIUMCVSS 5.3v7.85v7.892023-04-11
CVE-2023-29108 [MEDIUM] CWE-923 CVE-2023-29108: The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7. The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.
nvd
CVE-2022-28773HIGHCVSS 7.5v7.53v7.77+3 more2022-04-12
CVE-2022-28773 [HIGH] CWE-674 CVE-2022-28773: Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the a Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.
nvd
CVE-2022-28772HIGHCVSS 7.5v7.53v7.77+3 more2022-04-12
CVE-2022-28772 [HIGH] CWE-121 CVE-2022-28772: By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Di By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, le
nvd
CVE-2022-22536CRITICALCVSS 10.0KEVPoCv7.22extv7.49+6 more2022-02-09
CVE-2022-22536 [CRITICAL] CWE-444 CVE-2022-22536: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Con SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the vi
nvd
CVE-2021-38162CRITICALCVSS 9.4v7.22extv7.49+7 more2021-09-14
CVE-2021-38162 [HIGH] CWE-444 CVE-2021-38162: SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.2 SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server conf
nvd
CVE-2021-33683MEDIUMCVSS 4.3v7.8_kernel_7.21v7.21ext+13 more2021-07-14
CVE-2021-33683 [MEDIUM] CWE-444 CVE-2021-33683: SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.2 SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82
nvd