SAP Web Dispatcher Webdisp 7.53

CPE Details

SAP Web Dispatcher Webdisp 7.53
sap
web_dispatcher
webdisp_7.53
2023-09-28
22h01 +00:00
2023-09-28
22h01 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:sap:web_dispatcher:webdisp_7.53:*:*:*:*:*:*:*

Informations

Vendor

sap

Product

web_dispatcher

Version

webdisp_7.53

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-33005 2024-08-13 03h47 +00:00 Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.
6.3
Medium
CVE-2021-33683 2021-07-14 09h04 +00:00 SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc.
4.3
Medium