Vulnerabilities > SAP > WEB Dispatcher

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-33005 Missing Authorization vulnerability in SAP products
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions.
local
low complexity
sap CWE-862
6.3
2023-09-12 CVE-2023-40309 Incorrect Authorization vulnerability in SAP products
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-863
critical
9.8
2023-09-12 CVE-2023-40308 Out-of-bounds Write vulnerability in SAP products
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable.
network
low complexity
sap CWE-787
7.5
2023-07-11 CVE-2023-33987 HTTP Request Smuggling vulnerability in SAP web Dispatcher
An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages.
network
low complexity
sap CWE-444
critical
9.4
2023-07-11 CVE-2023-35871 Out-of-bounds Write vulnerability in SAP web Dispatcher
The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.
network
low complexity
sap CWE-787
critical
9.4
2022-04-12 CVE-2022-28772 Out-of-bounds Write vulnerability in SAP Netweaver and web Dispatcher
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.
network
low complexity
sap CWE-787
5.0
2022-04-12 CVE-2022-28773 Uncontrolled Recursion vulnerability in SAP Netweaver and web Dispatcher
Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.
network
low complexity
sap CWE-674
7.5
2022-02-09 CVE-2022-22536 HTTP Request Smuggling vulnerability in SAP products
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation.
network
low complexity
sap CWE-444
critical
10.0
2021-09-14 CVE-2021-38162 HTTP Request Smuggling vulnerability in SAP web Dispatcher
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages.
network
low complexity
sap CWE-444
critical
9.4
2021-07-14 CVE-2021-33683 HTTP Request Smuggling vulnerability in SAP Internet Communication Manager and web Dispatcher
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header.
network
low complexity
sap CWE-444
4.3