PT-2021-21976 · SAP · Kernel +2

Martin Doyhenard +1

Published 2021-09-14 · Updated 2023-07-10

CVE-2021-38162

CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions:
SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81
KRNL64NUC versions 7.22, 7.22EXT, 7.49
KRNL64UC versions 7.22, 7.22EXT, 7.49, 7.53
KERNEL versions 7.22, 7.49, 7.53, 7.77, 7.81, 7.83
Description: An unauthenticated attacker can send a crafted HTTP request over the network to a front-end server that forwards traffic to a back-end server. Because the two servers determine where one request ends and the next begins differently, the back-end may treat part of the attacker's bytes as the start of the next, legitimate request on the same connection (HTTP request smuggling). The back-end then processes the attacker's payload as if it belonged to that legitimate request, which can allow the attacker to read or modify any information on the server, or to consume server resources and make it temporarily unavailable.
Recommendations: Update every affected component to a version that includes the fix for this issue: SAP Web Dispatcher 7.49, 7.53, 7.77, 7.81; KRNL64NUC 7.22, 7.22EXT, 7.49; KRNL64UC 7.22, 7.22EXT, 7.49, 7.53; and KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.83. Because both the front-end (Web Dispatcher) and the kernel components are listed, patch both sides of the proxy chain rather than only the front-end. As a temporary workaround, restrict network access to the front-end server to trusted sources, which reduces but does not remove the exposure of an unpatched system.
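To make the boundary confusion in the description concrete, the following Python illustration was added to this page; it is not SAP code and not the CVE-2021-38162 trigger, whose exact shape this advisory does not detail. It frames one constructed byte stream three ways: as a parser that honours Content-Length would, as one that honours Transfer-Encoding: chunked would, and as a strict parser that rejects any request carrying both headers. The request bytes, the CL.TE shape and the "no trailers" simplification are assumptions of the example.

```python
"""Added illustration of HTTP request smuggling (CWE-444): one byte stream,
three framing decisions. Constructed example; not SAP code and not the
CVE-2021-38162 trigger, which this advisory does not detail."""

CRLF = b"\r\n"

# Constructed traffic: an attacker request carrying BOTH framing headers,
# followed on the same connection by a legitimate user's request.
ATTACKER = (
    b"POST /search HTTP/1.1\r\n"
    b"Host: front\r\n"
    b"Content-Length: 6\r\n"          # covers "0\r\n\r\nG" (6 bytes) for a CL parser
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n\r\n"                       # chunked terminator: body ends here for a TE parser
    b"G"                               # left over for a TE parser: prefix of the NEXT request
)
VICTIM = b"POST /search HTTP/1.1\r\nHost: front\r\nContent-Length: 0\r\n\r\n"
STREAM = ATTACKER + VICTIM


def _parse_head(head):
    """Split a header block into (request line, {lowercased name: [values]})."""
    lines = head.split(CRLF)
    request_line = lines[0].decode("latin-1")
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        hdrs.setdefault(name.strip().lower(), []).append(value.strip())
    return request_line, hdrs


def _read_chunked(buf, start):
    """Decode a chunked body at buf[start:]. Returns (decoded, bytes consumed),
    or None if the body is incomplete. Trailers are not supported (assumption)."""
    pos, out = start, bytearray()
    while True:
        eol = buf.find(CRLF, pos)
        if eol < 0:
            return None
        size = int(buf[pos:eol].split(b";")[0].strip(), 16)
        pos = eol + 2
        if size == 0:
            if buf[pos:pos + 2] != CRLF:
                return None
            return bytes(out), pos + 2 - start
        if len(buf) < pos + size + 2:
            return None
        out += buf[pos:pos + size]
        pos += size + 2


def parse_stream(buf, mode):
    """Frame buf into (request_line, body) pairs the way a parser of the given
    mode would:
      "cl"     honours Content-Length and ignores Transfer-Encoding
      "te"     honours Transfer-Encoding: chunked over Content-Length
      "strict" like "te", but rejects any request that carries both headers
    Returns (requests, unconsumed tail)."""
    requests, pos = [], 0
    while pos < len(buf):
        head_end = buf.find(CRLF + CRLF, pos)
        if head_end < 0:
            break                                   # incomplete head: wait for more bytes
        request_line, hdrs = _parse_head(buf[pos:head_end])
        body_start = head_end + 4
        has_cl = "content-length" in hdrs
        has_te = "transfer-encoding" in hdrs
        if mode == "strict" and has_cl and has_te:
            raise ValueError(f"ambiguous framing in {request_line!r}: "
                             "both Content-Length and Transfer-Encoding present")
        if has_te and mode in ("te", "strict"):
            decoded = _read_chunked(buf, body_start)
            if decoded is None:
                break
            body, consumed = decoded
        else:
            consumed = int(hdrs["content-length"][0]) if has_cl else 0
            if body_start + consumed > len(buf):
                break
            body = buf[body_start:body_start + consumed]
        requests.append((request_line, body))
        pos = body_start + consumed
    return requests, buf[pos:]


def frame_views(buf):
    """Request lines each parser mode sees for the same bytes (or the rejection)."""
    views = {}
    for mode in ("cl", "te", "strict"):
        try:
            views[mode] = [line for line, _ in parse_stream(buf, mode)[0]]
        except ValueError as exc:
            views[mode] = f"rejected: {exc}"
    return views


if __name__ == "__main__":
    for mode, seen in frame_views(STREAM).items():
        print(f"{mode:>6}: {seen}")
```

Run stand-alone, the "cl" view shows two ordinary POST /search requests, which is what a front-end that trusts Content-Length forwards. The "te" view shows the second request line as "GPOST /search HTTP/1.1": the attacker's trailing byte has been glued onto the legitimate user's request, which is the boundary confusion the description refers to. The "strict" view refuses the ambiguous request outright, which is the check a hardened front-end or back-end should perform before forwarding anything.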


Weakness Enumeration

CWE-444: HTTP Request/Response Smuggling

Related Identifiers

CVE-2021-38162

Affected Products

KERNEL
KRNL64NUC
KRNL64UC
SAP Web Dispatcher