Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for SAP Web Dispatcher by SAP_SE

    CVE-2024-47590 (GCVE-0-2024-47590)

    Vulnerability from nvd – Published: 2024-11-12 00:26 – Updated: 2024-11-12 17:11
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher
    Summary
    An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-791 - Incomplete Filtering of Special ElementCWE-918: Server-Side Request Forgery (SSRF)
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Web Dispatcher Affected: WEBDISP 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: KERNEL 7.77
    Affected: 9.12
    Affected: 9.13
    Create a notification for this product.
    sap web_dispatcher Affected: 7.89
        cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*
    Create a notification for this product.
    sap web_dispatcher Affected: 7.93
        cpe:2.3:a:sap:web_dispatcher:7.93:*:*:*:*:*:*:*
    Create a notification for this product.
    sap web_dispatcher Affected: kernel_7.77
        cpe:2.3:a:sap:web_dispatcher:kernel_7.77:*:*:*:*:*:*:*
    Create a notification for this product.
    sap web_dispatcher Affected: 9.12
        cpe:2.3:a:sap:web_dispatcher:9.12:*:*:*:*:*:*:*
    Create a notification for this product.
    sap web_dispatcher Affected: 9.13
        cpe:2.3:a:sap:web_dispatcher:9.13:*:*:*:*:*:*:*
    Create a notification for this product.
    sap web_dispatcher Affected: webdisp_7.77
        cpe:2.3:a:sap:web_dispatcher:webdisp_7.77:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.89"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:7.93:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.93"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:kernel_7.77:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "kernel_7.77"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:9.12:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:9.13:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:webdisp_7.77:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "webdisp_7.77"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T16:07:08.713669Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T17:11:38.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "WEBDISP 7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "9.12"
                },
                {
                  "status": "affected",
                  "version": "9.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim\u0027s browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim\u0027s browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-791",
                  "description": "CWE-791: Incomplete Filtering of Special ElementCWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-12T00:27:03.370Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3520281"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-47590",
        "datePublished": "2024-11-12T00:26:18.659Z",
        "dateReserved": "2024-09-27T20:05:59.021Z",
        "dateUpdated": "2024-11-12T17:11:38.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40309 (GCVE-0-2023-40309)

    Vulnerability from nvd – Published: 2023-09-12 02:21 – Updated: 2024-09-28 22:10
    VLAI
    Title
    Missing Authorization check in SAP CommonCryptoLib
    Summary
    SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CommonCryptoLib Affected: 8
    Create a notification for this product.
    SAP_SE SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise Affected: KERNEL 7.22
    Affected: KERNEL 7.53
    Affected: KERNEL 7.54
    Affected: KERNEL 7.77
    Affected: KERNEL 7.85
    Affected: KERNEL 7.89
    Affected: KERNEL 7.91
    Affected: KERNEL 7.92
    Affected: KERNEL 7.93
    Affected: KERNEL 8.04
    Affected: KERNEL64UC 7.22
    Affected: KERNEL64UC 7.22EXT
    Affected: KERNEL64UC 7.53
    Affected: KERNEL64UC 8.04
    Affected: KERNEL64NUC 7.22
    Affected: KERNEL64NUC 7.22EXT
    Create a notification for this product.
    SAP_SE SAP Web Dispatcher Affected: 7.22EXT
    Affected: 7.53
    Affected: 7.54
    Affected: 7.77
    Affected: 7.85
    Affected: 7.89
    Create a notification for this product.
    SAP_SE SAP Content Server Affected: 6.50
    Affected: 7.53
    Affected: 7.54
    Create a notification for this product.
    SAP_SE SAP HANA Database Affected: 2.00
    Create a notification for this product.
    SAP_SE SAP Host Agent Affected: 722
    Create a notification for this product.
    SAP_SE SAP Extended Application Services and Runtime (XSA) Affected: SAP_EXTENDED_APP_SERVICES 1
    Affected: XS_ADVANCED_RUNTIME 1.00
    Create a notification for this product.
    SAP_SE SAPSSOEXT Affected: 17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:53.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3340576"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T14:26:09.938156Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T14:26:24.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CommonCryptoLib",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "8"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.54"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.85"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.89"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.91"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.92"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.93"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 8.04"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64NUC 7.22EXT"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Content Server",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.50"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP HANA Database",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Host Agent",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "722"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Extended Application Services and Runtime (XSA)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_EXTENDED_APP_SERVICES 1"
                },
                {
                  "status": "affected",
                  "version": "XS_ADVANCED_RUNTIME 1.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAPSSOEXT",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired,\u00a0an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.\u003c/p\u003e"
                }
              ],
              "value": "SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired,\u00a0an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-28T22:10:46.845Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3340576"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP CommonCryptoLib",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-40309",
        "datePublished": "2023-09-12T02:21:19.058Z",
        "dateReserved": "2023-08-14T07:36:04.796Z",
        "dateUpdated": "2024-09-28T22:10:46.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40308 (GCVE-0-2023-40308)

    Vulnerability from nvd – Published: 2023-09-12 01:21 – Updated: 2024-09-26 18:22
    VLAI
    Title
    Memory Corruption vulnerability in SAP CommonCryptoLib
    Summary
    SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CommonCryptoLib Affected: 8
    Create a notification for this product.
    SAP_SE SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise Affected: KERNEL 7.22
    Affected: KERNEL 7.53
    Affected: KERNEL 7.54
    Affected: KERNEL 7.77
    Affected: KERNEL 7.85
    Affected: KERNEL 7.89
    Affected: KERNEL 7.91
    Affected: KERNEL 7.92
    Affected: KERNEL 7.93
    Affected: KERNEL 8.04
    Affected: KERNEL64UC 7.22
    Affected: KERNEL64UC 7.22EXT
    Affected: KERNEL64UC 7.53
    Affected: KERNEL64UC 8.04
    Affected: KERNEL64NUC 7.22
    Affected: KERNEL64NUC 7.22EXT
    Create a notification for this product.
    SAP_SE SAP Web Dispatcher Affected: 7.22EXT
    Affected: 7.53
    Affected: 7.54
    Affected: 7.77
    Affected: 7.85
    Affected: 7.89
    Create a notification for this product.
    SAP_SE SAP Content Server Affected: 6.50
    Affected: 7.53
    Affected: 7.54
    Create a notification for this product.
    SAP_SE SAP HANA Database Affected: 2.00
    Create a notification for this product.
    SAP_SE SAP Host Agent Affected: 722
    Create a notification for this product.
    SAP_SE SAP Extended Application Services and Runtime (XSA) Affected: SAP_EXTENDED_APP_SERVICES 1
    Affected: XS_ADVANCED_RUNTIME 1.00
    Create a notification for this product.
    SAP_SE SAPSSOEXT Affected: 17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:53.082Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3327896"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40308",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T14:46:05.348783Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T14:46:15.846Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CommonCryptoLib",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "8"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "KERNEL",
              "product": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.54"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.85"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.89"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.91"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.92"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.93"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 8.04"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64NUC 7.22EXT"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Content Server",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.50"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP HANA Database",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Host Agent",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "722"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Extended Application Services and Runtime (XSA)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_EXTENDED_APP_SERVICES 1"
                },
                {
                  "status": "affected",
                  "version": "XS_ADVANCED_RUNTIME 1.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAPSSOEXT",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\u003c/p\u003e"
                }
              ],
              "value": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-26T18:22:53.534Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3327896"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory Corruption vulnerability in SAP CommonCryptoLib",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-40308",
        "datePublished": "2023-09-12T01:21:15.083Z",
        "dateReserved": "2023-08-14T07:36:04.796Z",
        "dateUpdated": "2024-09-26T18:22:53.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35871 (GCVE-0-2023-35871)

    Vulnerability from nvd – Published: 2023-07-11 02:41 – Updated: 2024-10-23 16:25
    VLAI
    Title
    Memory Corruption vulnerability in SAP Web Dispatcher
    Summary
    The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Web Dispatcher Affected: WEBDISP 7.53
    Affected: WEBDISP 7.54
    Affected: WEBDISP 7.77
    Affected: WEBDISP 7.85
    Affected: WEBDISP 7.89
    Affected: WEBDISP 7.91
    Affected: WEBDISP 7.92
    Affected: WEBDISP 7.93
    Affected: KERNEL 7.53
    Affected: KERNEL 7.54 KERNEL 7.77
    Affected: KERNEL 7.85
    Affected: KERNEL 7.89
    Affected: KERNEL 7.91
    Affected: KERNEL 7.92
    Affected: KERNEL 7.93
    Affected: KRNL64UC 7.53
    Affected: HDB 2.00
    Affected: XS_ADVANCED_RUNTIME 1.00
    Affected: SAP_EXTENDED_APP_SERVICES 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:45.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3340735"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35871",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T16:24:29.446961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T16:25:51.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "WEBDISP 7.53"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.54"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.77"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.85"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.89"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.91"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.92"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.93"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.54 KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.85"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.89"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.91"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.92"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.93"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "HDB 2.00"
                },
                {
                  "status": "affected",
                  "version": "XS_ADVANCED_RUNTIME 1.00"
                },
                {
                  "status": "affected",
                  "version": "SAP_EXTENDED_APP_SERVICES 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.\u003c/p\u003e"
                }
              ],
              "value": "The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-14T13:05:33.938Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3340735"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory Corruption vulnerability in SAP Web Dispatcher",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-35871",
        "datePublished": "2023-07-11T02:41:03.537Z",
        "dateReserved": "2023-06-19T10:27:44.580Z",
        "dateUpdated": "2024-10-23T16:25:51.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33987 (GCVE-0-2023-33987)

    Vulnerability from nvd – Published: 2023-07-11 02:24 – Updated: 2024-12-04 15:32
    VLAI
    Title
    Request smuggling and request concatenation in SAP Web Dispatcher
    Summary
    An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify information on the server or make it temporarily unavailable.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Web Dispatcher Affected: WEBDISP 7.49
    Affected: WEBDISP 7.53
    Affected: WEBDISP 7.54
    Affected: WEBDISP 7.77
    Affected: WEBDISP 7.81
    Affected: WEBDISP 7.85
    Affected: WEBDISP 7.88
    Affected: WEBDISP 7.89
    Affected: WEBDISP 7.90
    Affected: KERNEL 7.49
    Affected: KERNEL 7.53
    Affected: KERNEL 7.54 KERNEL 7.77
    Affected: KERNEL 7.81
    Affected: KERNEL 7.85
    Affected: KERNEL 7.88
    Affected: KERNEL 7.89
    Affected: KERNEL 7.90
    Affected: KRNL64NUC 7.49
    Affected: KRNL64UC 7.49
    Affected: KRNL64UC 7.53
    Affected: HDB 2.00
    Affected: XS_ADVANCED_RUNTIME 1.00
    Affected: SAP_EXTENDED_APP_SERVICES 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:54:14.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3233899"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33987",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T15:32:02.394644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T15:32:10.947Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "WEBDISP 7.49"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.53"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.54"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.77"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.81"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.85"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.88"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.89"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.90"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.49"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.54 KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.81"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.85"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.88"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.89"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.90"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "HDB 2.00"
                },
                {
                  "status": "affected",
                  "version": "XS_ADVANCED_RUNTIME 1.00"
                },
                {
                  "status": "affected",
                  "version": "SAP_EXTENDED_APP_SERVICES 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which\u00a0may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate\u00a0messages. This can result in the back-end server executing a malicious payload which can be used to read or\u00a0modify information on the server or make it temporarily unavailable.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which\u00a0may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate\u00a0messages. This can result in the back-end server executing a malicious payload which can be used to read or\u00a0modify information on the server or make it temporarily unavailable.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T02:24:52.753Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3233899"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Request smuggling and request concatenation in SAP Web Dispatcher",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-33987",
        "datePublished": "2023-07-11T02:24:52.753Z",
        "dateReserved": "2023-05-24T20:41:32.834Z",
        "dateUpdated": "2024-12-04T15:32:10.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47590 (GCVE-0-2024-47590)

    Vulnerability from cvelistv5 – Published: 2024-11-12 00:26 – Updated: 2024-11-12 17:11
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher
    Summary
    An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-791 - Incomplete Filtering of Special ElementCWE-918: Server-Side Request Forgery (SSRF)
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Web Dispatcher Affected: WEBDISP 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: KERNEL 7.77
    Affected: 9.12
    Affected: 9.13
    Create a notification for this product.
    sap web_dispatcher Affected: 7.89
        cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*
    Create a notification for this product.
    sap web_dispatcher Affected: 7.93
        cpe:2.3:a:sap:web_dispatcher:7.93:*:*:*:*:*:*:*
    Create a notification for this product.
    sap web_dispatcher Affected: kernel_7.77
        cpe:2.3:a:sap:web_dispatcher:kernel_7.77:*:*:*:*:*:*:*
    Create a notification for this product.
    sap web_dispatcher Affected: 9.12
        cpe:2.3:a:sap:web_dispatcher:9.12:*:*:*:*:*:*:*
    Create a notification for this product.
    sap web_dispatcher Affected: 9.13
        cpe:2.3:a:sap:web_dispatcher:9.13:*:*:*:*:*:*:*
    Create a notification for this product.
    sap web_dispatcher Affected: webdisp_7.77
        cpe:2.3:a:sap:web_dispatcher:webdisp_7.77:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.89"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:7.93:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.93"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:kernel_7.77:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "kernel_7.77"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:9.12:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:9.13:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap:web_dispatcher:webdisp_7.77:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web_dispatcher",
                "vendor": "sap",
                "versions": [
                  {
                    "status": "affected",
                    "version": "webdisp_7.77"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T16:07:08.713669Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T17:11:38.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "WEBDISP 7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "9.12"
                },
                {
                  "status": "affected",
                  "version": "9.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim\u0027s browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim\u0027s browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-791",
                  "description": "CWE-791: Incomplete Filtering of Special ElementCWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-12T00:27:03.370Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3520281"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-47590",
        "datePublished": "2024-11-12T00:26:18.659Z",
        "dateReserved": "2024-09-27T20:05:59.021Z",
        "dateUpdated": "2024-11-12T17:11:38.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40309 (GCVE-0-2023-40309)

    Vulnerability from cvelistv5 – Published: 2023-09-12 02:21 – Updated: 2024-09-28 22:10
    VLAI
    Title
    Missing Authorization check in SAP CommonCryptoLib
    Summary
    SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CommonCryptoLib Affected: 8
    Create a notification for this product.
    SAP_SE SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise Affected: KERNEL 7.22
    Affected: KERNEL 7.53
    Affected: KERNEL 7.54
    Affected: KERNEL 7.77
    Affected: KERNEL 7.85
    Affected: KERNEL 7.89
    Affected: KERNEL 7.91
    Affected: KERNEL 7.92
    Affected: KERNEL 7.93
    Affected: KERNEL 8.04
    Affected: KERNEL64UC 7.22
    Affected: KERNEL64UC 7.22EXT
    Affected: KERNEL64UC 7.53
    Affected: KERNEL64UC 8.04
    Affected: KERNEL64NUC 7.22
    Affected: KERNEL64NUC 7.22EXT
    Create a notification for this product.
    SAP_SE SAP Web Dispatcher Affected: 7.22EXT
    Affected: 7.53
    Affected: 7.54
    Affected: 7.77
    Affected: 7.85
    Affected: 7.89
    Create a notification for this product.
    SAP_SE SAP Content Server Affected: 6.50
    Affected: 7.53
    Affected: 7.54
    Create a notification for this product.
    SAP_SE SAP HANA Database Affected: 2.00
    Create a notification for this product.
    SAP_SE SAP Host Agent Affected: 722
    Create a notification for this product.
    SAP_SE SAP Extended Application Services and Runtime (XSA) Affected: SAP_EXTENDED_APP_SERVICES 1
    Affected: XS_ADVANCED_RUNTIME 1.00
    Create a notification for this product.
    SAP_SE SAPSSOEXT Affected: 17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:53.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3340576"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T14:26:09.938156Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T14:26:24.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CommonCryptoLib",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "8"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.54"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.85"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.89"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.91"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.92"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.93"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 8.04"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64NUC 7.22EXT"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Content Server",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.50"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP HANA Database",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Host Agent",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "722"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Extended Application Services and Runtime (XSA)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_EXTENDED_APP_SERVICES 1"
                },
                {
                  "status": "affected",
                  "version": "XS_ADVANCED_RUNTIME 1.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAPSSOEXT",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired,\u00a0an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.\u003c/p\u003e"
                }
              ],
              "value": "SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired,\u00a0an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-28T22:10:46.845Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3340576"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP CommonCryptoLib",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-40309",
        "datePublished": "2023-09-12T02:21:19.058Z",
        "dateReserved": "2023-08-14T07:36:04.796Z",
        "dateUpdated": "2024-09-28T22:10:46.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40308 (GCVE-0-2023-40308)

    Vulnerability from cvelistv5 – Published: 2023-09-12 01:21 – Updated: 2024-09-26 18:22
    VLAI
    Title
    Memory Corruption vulnerability in SAP CommonCryptoLib
    Summary
    SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CommonCryptoLib Affected: 8
    Create a notification for this product.
    SAP_SE SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise Affected: KERNEL 7.22
    Affected: KERNEL 7.53
    Affected: KERNEL 7.54
    Affected: KERNEL 7.77
    Affected: KERNEL 7.85
    Affected: KERNEL 7.89
    Affected: KERNEL 7.91
    Affected: KERNEL 7.92
    Affected: KERNEL 7.93
    Affected: KERNEL 8.04
    Affected: KERNEL64UC 7.22
    Affected: KERNEL64UC 7.22EXT
    Affected: KERNEL64UC 7.53
    Affected: KERNEL64UC 8.04
    Affected: KERNEL64NUC 7.22
    Affected: KERNEL64NUC 7.22EXT
    Create a notification for this product.
    SAP_SE SAP Web Dispatcher Affected: 7.22EXT
    Affected: 7.53
    Affected: 7.54
    Affected: 7.77
    Affected: 7.85
    Affected: 7.89
    Create a notification for this product.
    SAP_SE SAP Content Server Affected: 6.50
    Affected: 7.53
    Affected: 7.54
    Create a notification for this product.
    SAP_SE SAP HANA Database Affected: 2.00
    Create a notification for this product.
    SAP_SE SAP Host Agent Affected: 722
    Create a notification for this product.
    SAP_SE SAP Extended Application Services and Runtime (XSA) Affected: SAP_EXTENDED_APP_SERVICES 1
    Affected: XS_ADVANCED_RUNTIME 1.00
    Create a notification for this product.
    SAP_SE SAPSSOEXT Affected: 17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:53.082Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3327896"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40308",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T14:46:05.348783Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T14:46:15.846Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CommonCryptoLib",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "8"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "KERNEL",
              "product": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.54"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.85"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.89"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.91"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.92"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.93"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 8.04"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL64NUC 7.22EXT"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Content Server",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.50"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP HANA Database",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Host Agent",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "722"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAP Extended Application Services and Runtime (XSA)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_EXTENDED_APP_SERVICES 1"
                },
                {
                  "status": "affected",
                  "version": "XS_ADVANCED_RUNTIME 1.00"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SAPSSOEXT",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\u003c/p\u003e"
                }
              ],
              "value": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-26T18:22:53.534Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3327896"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory Corruption vulnerability in SAP CommonCryptoLib",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-40308",
        "datePublished": "2023-09-12T01:21:15.083Z",
        "dateReserved": "2023-08-14T07:36:04.796Z",
        "dateUpdated": "2024-09-26T18:22:53.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35871 (GCVE-0-2023-35871)

    Vulnerability from cvelistv5 – Published: 2023-07-11 02:41 – Updated: 2024-10-23 16:25
    VLAI
    Title
    Memory Corruption vulnerability in SAP Web Dispatcher
    Summary
    The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Web Dispatcher Affected: WEBDISP 7.53
    Affected: WEBDISP 7.54
    Affected: WEBDISP 7.77
    Affected: WEBDISP 7.85
    Affected: WEBDISP 7.89
    Affected: WEBDISP 7.91
    Affected: WEBDISP 7.92
    Affected: WEBDISP 7.93
    Affected: KERNEL 7.53
    Affected: KERNEL 7.54 KERNEL 7.77
    Affected: KERNEL 7.85
    Affected: KERNEL 7.89
    Affected: KERNEL 7.91
    Affected: KERNEL 7.92
    Affected: KERNEL 7.93
    Affected: KRNL64UC 7.53
    Affected: HDB 2.00
    Affected: XS_ADVANCED_RUNTIME 1.00
    Affected: SAP_EXTENDED_APP_SERVICES 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:45.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3340735"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35871",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T16:24:29.446961Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T16:25:51.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "WEBDISP 7.53"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.54"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.77"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.85"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.89"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.91"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.92"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.93"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.54 KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.85"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.89"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.91"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.92"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.93"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "HDB 2.00"
                },
                {
                  "status": "affected",
                  "version": "XS_ADVANCED_RUNTIME 1.00"
                },
                {
                  "status": "affected",
                  "version": "SAP_EXTENDED_APP_SERVICES 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.\u003c/p\u003e"
                }
              ],
              "value": "The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-14T13:05:33.938Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3340735"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory Corruption vulnerability in SAP Web Dispatcher",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-35871",
        "datePublished": "2023-07-11T02:41:03.537Z",
        "dateReserved": "2023-06-19T10:27:44.580Z",
        "dateUpdated": "2024-10-23T16:25:51.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33987 (GCVE-0-2023-33987)

    Vulnerability from cvelistv5 – Published: 2023-07-11 02:24 – Updated: 2024-12-04 15:32
    VLAI
    Title
    Request smuggling and request concatenation in SAP Web Dispatcher
    Summary
    An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify information on the server or make it temporarily unavailable.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Web Dispatcher Affected: WEBDISP 7.49
    Affected: WEBDISP 7.53
    Affected: WEBDISP 7.54
    Affected: WEBDISP 7.77
    Affected: WEBDISP 7.81
    Affected: WEBDISP 7.85
    Affected: WEBDISP 7.88
    Affected: WEBDISP 7.89
    Affected: WEBDISP 7.90
    Affected: KERNEL 7.49
    Affected: KERNEL 7.53
    Affected: KERNEL 7.54 KERNEL 7.77
    Affected: KERNEL 7.81
    Affected: KERNEL 7.85
    Affected: KERNEL 7.88
    Affected: KERNEL 7.89
    Affected: KERNEL 7.90
    Affected: KRNL64NUC 7.49
    Affected: KRNL64UC 7.49
    Affected: KRNL64UC 7.53
    Affected: HDB 2.00
    Affected: XS_ADVANCED_RUNTIME 1.00
    Affected: SAP_EXTENDED_APP_SERVICES 1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:54:14.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3233899"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33987",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T15:32:02.394644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T15:32:10.947Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "WEBDISP 7.49"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.53"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.54"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.77"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.81"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.85"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.88"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.89"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.90"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.49"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.54 KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.81"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.85"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.88"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.89"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.90"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "HDB 2.00"
                },
                {
                  "status": "affected",
                  "version": "XS_ADVANCED_RUNTIME 1.00"
                },
                {
                  "status": "affected",
                  "version": "SAP_EXTENDED_APP_SERVICES 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which\u00a0may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate\u00a0messages. This can result in the back-end server executing a malicious payload which can be used to read or\u00a0modify information on the server or make it temporarily unavailable.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which\u00a0may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate\u00a0messages. This can result in the back-end server executing a malicious payload which can be used to read or\u00a0modify information on the server or make it temporarily unavailable.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T02:24:52.753Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3233899"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Request smuggling and request concatenation in SAP Web Dispatcher",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-33987",
        "datePublished": "2023-07-11T02:24:52.753Z",
        "dateReserved": "2023-05-24T20:41:32.834Z",
        "dateUpdated": "2024-12-04T15:32:10.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }