PT-2023-4048 · Sap · Xs Advanced Runtime+5

Published: 2023-07-11 · Updated: 2023-09-09 · CVE-2023-35871

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP Web Dispatcher versions WEBDISP 7.53 through WEBDISP 7.93
KERNEL versions 7.53 through 7.93
KRNL64UC version 7.53
HDB version 2.00
XS ADVANCED RUNTIME version 1.00
SAP EXTENDED APP SERVICES version 1

Description

The vulnerability is related to logical errors in memory management, which can be exploited by an unauthenticated attacker to cause memory corruption. This may lead to information disclosure or system crashes, having a low impact on confidentiality and a high impact on the integrity and availability of the system.

Recommendations

For SAP Web Dispatcher versions WEBDISP 7.53 through WEBDISP 7.93, update to a version that includes the fix for the memory management issue.
For KERNEL versions 7.53 through 7.93, update to a version that includes the fix for the memory management issue.
For KRNL64UC version 7.53, update to a version that includes the fix for the memory management issue.
For HDB version 2.00, update to a version that includes the fix for the memory management issue.
For XS ADVANCED RUNTIME version 1.00, update to a version that includes the fix for the memory management issue.
For SAP EXTENDED APP SERVICES version 1, update to a version that includes the fix for the memory management issue.

As a temporary workaround, consider restricting access to the SAP Web Dispatcher to minimize the risk of exploitation.

Fix

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-04346
CVE-2023-35871

Affected Products

Hdb
Kernel
Krnl64Uc
Sap Web Dispatcher
Sap Extended App Services
Xs Advanced Runtime