CVE-2023-35871
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
11/07/2023
Last modified:
14/08/2023
Description
The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.<br />
<br />
Impact
Base Score 3.x
9.40
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:7.91:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:7.92:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:7.93:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:hdb_2.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:kernel_7.53:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:kernel_7.54:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:kernel_7.77:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:kernel_7.85:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:kernel_7.89:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:web_dispatcher:kernel_7.91:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page