11 matches found
CVE-2022-22536
CVE-2022-22536 affects SAP NetWeaver components (ABAP/Java stacks), ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher. The issue is HTTP request smuggling/concatenation caused by how the SAP ICM front end parses requests, enabling an unauthenticated attacker to prepend arbitrary data...
CVE-2023-40309
CVE-2023-40309 affects SAP CommonCryptoLib and is caused by insufficient authentication checks, enabling possible privilege escalation for an authenticated user and potential reading/modification/deletion of restricted data. The vulnerability is rated CRITICAL (CVSSv3.1: 9.8, AV:N/AC:L/PR:N/UI:N/...
CVE-2022-28772
The CVE-2022-28772 entry concerns a buffer overflow in SAP Web Dispatcher and SAP Internet Communication Manager caused by overlong input values that can overwrite the internal program stack, leading to a denial of service. Affected products include SAP Web Dispatcher versions 7.53, 7.77, 7.81, 7...
CVE-2022-28773
CVE-2022-28773 affects SAP Web Dispatcher and SAP Internet Communication Manager. The issue is caused by uncontrolled recursion, leading to denial of service with a crash that is restartable. Public details across connected documents confirm the component/file-level root cause and DoS impact; som...
CVE-2023-40308
The CVE-2023-40308 issue affects SAP CommonCryptoLib and is caused by memory corruption triggered by an unauthenticated crafted request sent to an open port. The resulting crash makes the target component unavailable, with no impact on confidentiality or integrity reported. Evidence across multip...
CVE-2023-35871
Technical details about CVE-2023-35871 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2024-33005
The CVE-2024-33005 issue affects SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server. Root cause: missing authorization checks in the local system allow admin users to impersonate other users and perform unintended actions. Impact: low confidentiality but ...
CVE-2021-38162
The CVE-2021-38162 entry affects SAP Web Dispatcher and related kernel components (Web Dispatcher v7.49, 7.53, 7.77, 7.81; KRNL64NUC 7.22/7.22EXT/7.49; KRNL64UC 7.22/7.22EXT/7.49/7.53; KERNEL 7.22/7.49/7.53/7.77/7.81/7.83). An unauthenticated attacker can send crafted network requests to a front‑...
CVE-2021-33683
CVE-2021-33683 affects SAP Web Dispatcher and Internet Communication Manager (ICM) components, including KRNL32NUC/64NUC, KRNL32UC/64UC, WEBDISP, and KERNEL across multiple 7.x versions up to 7.83. The vulnerability stems from incorrect handling of invalid HTTP headers, specifically Transfer-Enco...
CVE-2023-29108
The CVE-2023-29108 issue affects ABAP Platform and SAP Web Dispatcher: IP filter vulnerability due to erroneous IP netmask handling. Affected: ABAP Platform 7.85–7.91 and SAP Web Dispatcher 7.85–7.89 (kernel 7.85/7.89/7.91). Impact: may allow access to backend applications from unwanted sources. ...
CVE-2023-33987
The CVE-2023-33987 issue affects SAP Web Dispatcher and related components (WEBDISP, KERNEL, KRNL64NUC/UC, HDB, XS_ADVANCED_RUNTIME, SAP_EXTENDED_APP_SERVICES) where an unauthenticated, network-proximate attacker can submit crafted requests to a front-end server. Over multiple attempts, this can ...