PT-2023-4111 · SAP · XS Advanced Runtime +5

Published 2023-07-10 · Updated 2023-07-18 · CVE-2023-33987

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions

SAP Web Dispatcher versions 7.49 through 7.90
KERNEL versions 7.49 through 7.90
KRNL64NUC version 7.49
KRNL64UC versions 7.49 through 7.53
HDB version 2.00
XS ADVANCED RUNTIME version 1.00
SAP EXTENDED APP SERVICES version 1
Description

The issue is related to the handling of HTTP requests in SAP Web Dispatcher. An unauthenticated attacker can submit a maliciously crafted request over a network to a front-end server, which may cause a back-end server to confuse the boundaries between malicious and legitimate messages. This can lead to the back-end server executing a malicious payload, allowing the attacker to read or modify information on the server or make it temporarily unavailable.
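The "confused message boundaries" in the description are the classic request-smuggling condition: front end and back end disagree about where one HTTP/1.1 message ends. The check below is an added example (not code from SAP or from this advisory) of the kind of framing validation a front-end proxy can apply before forwarding; it follows the generic RFC 9112 framing rules and assumes nothing about SAP Web Dispatcher's actual parser.

```python
"""Flag HTTP/1.1 requests whose body length is ambiguous, i.e. requests a
front end and a back end could frame differently. Assumption (not from
the advisory): the rules below are the generic RFC 9112 ones, not SAP's."""
import re

# Valid header-name token characters; a space before the colon is not one
_TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


def framing_ambiguities(raw: bytes) -> list:
    """Return the reasons this request's framing is ambiguous.
    An empty list means a proxy can forward it without re-framing."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["incomplete header block"]
    problems = []
    content_lengths, transfer_encodings = [], []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        if line[:1] in (b" ", b"\t"):
            # obs-fold: continuation lines are parsed differently by servers
            problems.append("obsolete line folding in header block")
            continue
        name, colon, value = line.partition(b":")
        if not colon or not _TOKEN.match(name.decode("latin-1")):
            # e.g. 'Transfer-Encoding : chunked': some parsers honour it,
            # others treat it as an unknown header and fall back to CL
            problems.append("malformed header name: %r" % line)
            continue
        name, value = name.lower(), value.strip()
        if name == b"content-length":
            content_lengths.append(value)
        elif name == b"transfer-encoding":
            transfer_encodings.extend(
                v.strip().lower() for v in value.split(b","))
    if content_lengths and transfer_encodings:
        problems.append("both Content-Length and Transfer-Encoding present")
    if len(set(content_lengths)) > 1:
        problems.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in content_lengths):
        problems.append("non-numeric Content-Length")
    if transfer_encodings and transfer_encodings[-1] != b"chunked":
        # final coding must be chunked, otherwise the body end is undefined
        problems.append("Transfer-Encoding does not end with chunked")
    return problems
```

A front end that rejects any request for which this list is non-empty (rather than guessing a framing and forwarding) removes the disagreement the back end would otherwise be exposed to.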
Recommendations

Update each affected component to a version that includes the fix for this issue: SAP Web Dispatcher 7.49 through 7.90, KERNEL 7.49 through 7.90, KRNL64NUC 7.49, KRNL64UC 7.49 through 7.53, HDB 2.00, XS ADVANCED RUNTIME 1.00 and SAP EXTENDED APP SERVICES 1. As a temporary workaround, consider restricting access to the SAP Web Dispatcher to minimize the risk of exploitation.

Weakness Enumeration

HTTP Request/Response Smuggling

Related Identifiers

BDU:2023-04420
CVE-2023-33987

Affected Products

HDB
KERNEL
KRNL64UC
SAP Web Dispatcher
SAP Extended App Services
XS Advanced Runtime