cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-33005,https://securityvulnerability.io/vulnerability/CVE-2024-33005,Authorization Bypass VI carbon zente ideal primal crux deliver,"Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.",SAP,"SAP Netweaver Application Server (abap And Java),SAP Web Dispatcher And SAP Content Server",6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T03:47:44.829Z,0
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"The SAP CommonCryptoLib has a critical vulnerability where it fails to implement essential authentication checks. This oversight can lead to improper or missing authorization verifications for users. As a result, an authenticated attacker may exploit this weakness to escalate their privileges, potentially gaining access to functionalities meant for specific user groups. This could allow the attacker to read, alter, or remove sensitive data that should be restricted.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",9.8,CRITICAL,0.0018700000364333391,false,,false,false,false,,,false,false,,2023-09-12T03:15:00.000Z,0
CVE-2023-40308,https://securityvulnerability.io/vulnerability/CVE-2023-40308,Memory Corruption vulnerability in SAP CommonCryptoLib,"The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",7.5,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2023-09-12T02:15:00.000Z,0
CVE-2023-35871,https://securityvulnerability.io/vulnerability/CVE-2023-35871,Memory Corruption vulnerability in SAP Web Dispatcher,"An identified vulnerability in SAP Web Dispatcher and related products allows unauthenticated attackers to exploit logical errors in memory management, potentially leading to memory corruption. This can result in an adverse effect on system integrity and availability, posing risks to data and operational stability. Users are advised to implement security updates as detailed in the vendor's announcement.",SAP,SAP Web Dispatcher,7.7,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-07-11T03:15:00.000Z,0
CVE-2023-33987,https://securityvulnerability.io/vulnerability/CVE-2023-33987,Request smuggling and request concatenation in SAP Web Dispatcher,"This vulnerability in SAP Web Dispatcher and KERNEL allows an unauthenticated attacker to exploit improper input validation. By submitting a specially crafted request to the front-end server, the attacker can manipulate how the back-end server interprets messages, potentially blurring the lines between legitimate and malicious traffic. This could lead to unauthorized actions, such as reading or modifying sensitive information or even causing temporary unavailability of the server. Organizations using these SAP products should apply the latest patches to mitigate the risk associated with this vulnerability.",SAP,SAP Web Dispatcher,8.6,HIGH,0.001970000099390745,false,,false,false,false,,,false,false,,2023-07-11T03:15:00.000Z,0
CVE-2023-29108,https://securityvulnerability.io/vulnerability/CVE-2023-29108,"IP filter vulnerability in ABAP Platform and SAP Web Dispatcher ","The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources. ",SAP,Abap Platform And SAP Web Dispatcher,5,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2023-04-11T03:15:00.000Z,0
CVE-2022-27656,https://securityvulnerability.io/vulnerability/CVE-2022-27656,Cross-Site Scripting Vulnerability in SAP Web Dispatcher and Internet Communication Manager,"The SAP Web Dispatcher and Internet Communication Manager (ICM) possess a security vulnerability where the web administration user interface fails to adequately encode user-controlled inputs. This shortfall allows attackers to exploit the system, leading to potential Cross-Site Scripting (XSS) attacks that can compromise sensitive data, redirect users, or execute arbitrary scripts within the context of the user's session.",SAP,"SAP Netweaver As For Abap And Java (icm Administration Ui),SAP Web Dispatcher (web Administration Ui)",6.1,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-05-11T14:53:55.000Z,0
CVE-2022-28772,https://securityvulnerability.io/vulnerability/CVE-2022-28772,Denial of Service Vulnerability in SAP Web Dispatcher and Internet Communication Manager,"An attacker could exploit a vulnerability in SAP Web Dispatcher and Internet Communication Manager by supplying excessively long input values, potentially causing an overwrite of the internal program stack. This could lead to downtime and the inability to access critical application services, making effective security measures essential for safeguarding against such exploits.",SAP,"SAP Netweaver (internet Communication Manager),SAP Web Dispatcher",7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-04-12T16:11:32.000Z,0
CVE-2022-28773,https://securityvulnerability.io/vulnerability/CVE-2022-28773,Denial of Service Vulnerability in SAP Web Dispatcher and SAP Internet Communication Manager,"An uncontrolled recursion issue has been identified in SAP Web Dispatcher and SAP Internet Communication Manager. This vulnerability may result in the applications crashing, which unexpectedly leads to a denial of service scenario. Fortunately, the systems can self-restart automatically, but this interruption may affect the availability of services reliant on these applications.",SAP,"SAP Netweaver (internet Communication Manager),SAP Web Dispatcher",7.5,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2022-04-12T16:11:30.000Z,0
CVE-2022-22536,https://securityvulnerability.io/vulnerability/CVE-2022-22536,Request Smuggling Vulnerability in SAP NetWeaver and Related Products,"Several SAP NetWeaver products, including the Application Server ABAP and Java, along with the ABAP Platform and SAP Web Dispatcher, are vulnerable to a request smuggling issue. An unauthenticated attacker can manipulate HTTP requests by prepending arbitrary data to a victim's request. This technique enables the attacker to execute functions on behalf of the victim or to poison web caches, compromising the overall security of the system. As a result, this vulnerability poses a significant risk to the confidentiality, integrity, and availability of affected SAP systems.",SAP,"SAP Netweaver And Abap Platform,SAP Web Dispatcher,SAP Content Server",10,CRITICAL,0.9574900269508362,true,2022-08-18T00:00:00.000Z,false,false,true,2022-04-02T16:12:56.000Z,true,false,false,,2022-02-09T22:05:24.000Z,0
CVE-2021-38162,https://securityvulnerability.io/vulnerability/CVE-2021-38162,HTTP Request Smuggling Vulnerability in SAP Web Dispatcher,"The vulnerability in SAP Web Dispatcher allows an unauthorized attacker to send a specially crafted request to a front-end server. This results in confusion between malicious and legitimate requests, potentially leading the back-end server to execute a malicious payload. The implications can include unauthorized reading or modification of sensitive data and resource exhaustion, making the server temporarily unavailable.",SAP,SAP Web Dispatcher,8.9,HIGH,0.009159999899566174,false,,false,false,false,,,false,false,,2021-09-14T11:15:37.000Z,0
CVE-2021-33683,https://securityvulnerability.io/vulnerability/CVE-2021-33683,HTTP Request Smuggling Vulnerability in SAP Web Dispatcher and Internet Communication Manager,"The vulnerability arises from the improper handling of invalid HTTP headers, specifically the Transfer-Encoding field, in the SAP Web Dispatcher and Internet Communication Manager. This flaw can be exploited by an attacker to perform an HTTP request smuggling attack, which allows for the evasion of web application firewall protections. Consequently, sensitive information, including customer requests and session credentials, could be compromised. It is critical for organizations using these products to implement necessary security measures to mitigate this risk.",SAP,SAP Web Dispatcher And Internet Communication Manager,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-07-14T11:04:45.000Z,0