9.4

CVE-2023-35871

The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1 - has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management. This may lead to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.

Data is provided by the National Vulnerability Database (NVD)
SAP Web Dispatcher Version 7.53
SAP Web Dispatcher Version 7.54
SAP Web Dispatcher Version 7.77
SAP Web Dispatcher Version 7.85
SAP Web Dispatcher Version 7.89
SAP Web Dispatcher Version 7.91
SAP Web Dispatcher Version 7.92
SAP Web Dispatcher Version 7.93
SAP Web Dispatcher Version hdb_2.00
SAP Web Dispatcher Version kernel_7.53
SAP Web Dispatcher Version kernel_7.54
SAP Web Dispatcher Version kernel_7.77
SAP Web Dispatcher Version kernel_7.85
SAP Web Dispatcher Version kernel_7.89
SAP Web Dispatcher Version kernel_7.91
SAP Web Dispatcher Version kernel_7.92
SAP Web Dispatcher Version kernel_7.93
SAP Web Dispatcher Version krnl64uc_7.53
SAP Web Dispatcher Version sap_extended_app_services_1
SAP Web Dispatcher Version xs_advanced_runtime_1.00
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.38% 0.587
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.4 3.9 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
cna@sap.com 7.7 2.2 5.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.