cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-33005,https://securityvulnerability.io/vulnerability/CVE-2024-33005,Authorization Bypass VI carbon zente ideal primal crux deliver,"Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.",SAP,"SAP Netweaver Application Server (abap And Java),SAP Web Dispatcher And SAP Content Server",6.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T03:47:44.829Z,0
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"The SAP CommonCryptoLib has a critical vulnerability where it fails to implement essential authentication checks. This oversight can lead to improper or missing authorization verifications for users. As a result, an authenticated attacker may exploit this weakness to escalate their privileges, potentially gaining access to functionalities meant for specific user groups. This could allow the attacker to read, alter, or remove sensitive data that should be restricted.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",9.8,CRITICAL,0.0018700000364333391,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-40308,https://securityvulnerability.io/vulnerability/CVE-2023-40308,Memory Corruption vulnerability in SAP CommonCryptoLib,"The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",7.5,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2023-33987,https://securityvulnerability.io/vulnerability/CVE-2023-33987,Request smuggling and request concatenation in SAP Web Dispatcher,"This vulnerability in SAP Web Dispatcher and KERNEL allows an unauthenticated attacker to exploit improper input validation. By submitting a specially crafted request to the front-end server, the attacker can manipulate how the back-end server interprets messages, potentially blurring the lines between legitimate and malicious traffic. This could lead to unauthorized actions, such as reading or modifying sensitive information or even causing temporary unavailability of the server. Organizations using these SAP products should apply the latest patches to mitigate the risk associated with this vulnerability.",SAP,SAP Web Dispatcher,8.6,HIGH,0.001970000099390745,false,false,false,false,,false,false,2023-07-11T03:15:00.000Z,0
CVE-2023-35871,https://securityvulnerability.io/vulnerability/CVE-2023-35871,Memory Corruption vulnerability in SAP Web Dispatcher,"An identified vulnerability in SAP Web Dispatcher and related products allows unauthenticated attackers to exploit logical errors in memory management, potentially leading to memory corruption. This can result in an adverse effect on system integrity and availability, posing risks to data and operational stability. Users are advised to implement security updates as detailed in the vendor's announcement.",SAP,SAP Web Dispatcher,7.7,HIGH,0.0009200000204145908,false,false,false,false,,false,false,2023-07-11T03:15:00.000Z,0
CVE-2023-29108,https://securityvulnerability.io/vulnerability/CVE-2023-29108,"IP filter vulnerability in ABAP Platform and SAP Web Dispatcher","The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.",SAP,ABAP Platform and SAP Web Dispatcher,5.3,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2023-04-11T03:15:00.000Z,0
CVE-2022-27656,https://securityvulnerability.io/vulnerability/CVE-2022-27656,,"The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,"SAP Netweaver As For Abap And Java (icm Administration Ui),SAP Web Dispatcher (web Administration Ui)",6.1,MEDIUM,0.0007900000200606883,false,false,false,false,,false,false,2022-05-11T14:53:55.000Z,0
CVE-2022-28772,https://securityvulnerability.io/vulnerability/CVE-2022-28772,,"By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.",SAP,"SAP Netweaver (internet Communication Manager),SAP Web Dispatcher",7.5,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-04-12T16:11:32.000Z,0
CVE-2022-28773,https://securityvulnerability.io/vulnerability/CVE-2022-28773,,"Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.",SAP,"SAP Netweaver (internet Communication Manager),SAP Web Dispatcher",7.5,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2022-04-12T16:11:30.000Z,0
CVE-2022-22536,https://securityvulnerability.io/vulnerability/CVE-2022-22536,,"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.",SAP,"SAP Netweaver And Abap Platform,SAP Web Dispatcher,SAP Content Server",10,CRITICAL,0.9574900269508362,true,false,false,true,true,false,false,2022-02-09T22:05:24.000Z,0
CVE-2021-38162,https://securityvulnerability.io/vulnerability/CVE-2021-38162,,"SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify any information on the server or consume server resources making it temporarily unavailable.",SAP,SAP Web Dispatcher,8.9,HIGH,0.009159999899566174,false,false,false,false,,false,false,2021-09-14T11:15:37.000Z,0
CVE-2021-33683,https://securityvulnerability.io/vulnerability/CVE-2021-33683,,"SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc.",SAP,SAP Web Dispatcher And Internet Communication Manager,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-07-14T11:04:45.000Z,0