Request smuggling and request concatenation in SAP Web Dispatcher
CVE-2023-33987
8.6 HIGH
What is CVE-2023-33987?
This vulnerability in SAP Web Dispatcher and KERNEL allows an unauthenticated attacker to exploit improper input validation. By submitting a specially crafted request to the front-end server, the attacker can manipulate how the back-end server interprets messages, so that it may no longer distinguish legitimate traffic from malicious traffic. This could lead to unauthorized actions, such as reading or modifying sensitive information, or to temporary unavailability of the server. Organizations using these SAP products should apply the latest patches to mitigate the risk associated with this vulnerability.
Affected Version(s)
SAP Web Dispatcher WEBDISP 7.49
SAP Web Dispatcher WEBDISP 7.53
SAP Web Dispatcher WEBDISP 7.54