CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-0071 – Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager
https://notcve.org/view.php?id=CVE-2025-0071
11 Mar 2025 — SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability. • https://me.sap.com/notes/3558132 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47590 – Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher
https://notcve.org/view.php?id=CVE-2024-47590
12 Nov 2024 — An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability. • https://me.sap.com/notes/3520281 • CWE-791: Incomplete Filtering of Special Elements •
CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2024-33005 – Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server
https://notcve.org/view.php?id=CVE-2024-33005
13 Aug 2024 — Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications. Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and J... • https://me.sap.com/notes/3438085 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 47EXPL: 0CVE-2023-40309 – Missing Authorization check in SAP CommonCryptoLib
https://notcve.org/view.php?id=CVE-2023-40309
12 Sep 2023 — SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data. SAP CommonCryptoLib no realiza las comprobaciones de autenticación necesarias, lo que puede dar como resultado comprobacione... • https://me.sap.com/notes/3340576 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 47EXPL: 0CVE-2023-40308 – Memory Corruption vulnerability in SAP CommonCryptoLib
https://notcve.org/view.php?id=CVE-2023-40308
12 Sep 2023 — SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information. SAP CommonCryptoLib permite que un atacante no autenticado cree una solicitud que, cuando se envía a un puerto abierto, provoca un error de corrupción de memoria en una librería, lo que a su vez provoca que el componente de t... • https://me.sap.com/notes/3327896 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 9.7EPSS: 0%CPEs: 20EXPL: 0CVE-2023-35871 – Memory Corruption vulnerability in SAP Web Dispatcher
https://notcve.org/view.php?id=CVE-2023-35871
11 Jul 2023 — The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosur... • https://me.sap.com/notes/3340735 • CWE-787: Out-of-bounds Write •
CVSS: 9.7EPSS: 0%CPEs: 24EXPL: 0CVE-2023-33987 – Request smuggling and request concatenation in SAP Web Dispatcher
https://notcve.org/view.php?id=CVE-2023-33987
11 Jul 2023 — An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which may, over severa... • https://me.sap.com/notes/3233899 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29108 – IP filter vulnerability in ABAP Platform and SAP Web Dispatcher
https://notcve.org/view.php?id=CVE-2023-29108
11 Apr 2023 — The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources. • https://launchpad.support.sap.com/#/notes/3315312 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2022-28772
https://notcve.org/view.php?id=CVE-2022-28772
12 Apr 2022 — By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service. Mediante valores de entrada demasiado largos, un atacante puede forzar la sobreescritura de la pila interna del programa en SAP Web... • https://launchpad.support.sap.com/#/notes/3111311 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2022-28773
https://notcve.org/view.php?id=CVE-2022-28773
12 Apr 2022 — Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. Debido a una recursión no controlada en SAP Web Dispatcher y SAP Internet Communication Manager, la aplicación puede bloquearse, conllevando a una denegación de servicio, pero puede reiniciarse automáticamente • https://launchpad.support.sap.com/#/notes/3111293 • CWE-674: Uncontrolled Recursion •