Request smuggling and request concatenation in SAP Web Dispatcher
CVE-2023-33987
What is CVE-2023-33987?
This vulnerability in SAP Web Dispatcher and KERNEL allows an unauthenticated attacker to exploit improper input validation. By submitting a specially crafted request to the front-end server, the attacker can manipulate how the back-end server interprets messages, so that the boundary between legitimate and malicious requests becomes ambiguous. This could lead to unauthorized actions, such as reading or modifying sensitive information, or even to temporary unavailability of the server. Organizations using these SAP products should apply the latest patches to mitigate the risk associated with this vulnerability.

Affected Version(s)
SAP Web Dispatcher WEBDISP 7.49
SAP Web Dispatcher WEBDISP 7.53
SAP Web Dispatcher WEBDISP 7.54