CVE-2021-38162

Published: Sep 14, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

8.9

HIGH

Description

SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify any information on the server or consume server resources making it temporarily unavailable.

Vendor	Product	Versions
SAP SE	SAP Web Dispatcher	affected `WEBDISP - 7.49` affected `7.53` affected `7.77` affected `7.81` affected `KRNL64NUC - 7.22` +5 more versions

Weaknesses (CWE)

CWE-444

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3080567

x_refsource_MISC

20220504 Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/166964/SAP-Web-Dispatcher-HTTP-Request-Smuggling.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-38162

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References