nvd-json-data-feeds/CVE-2023/CVE-2023-339xx/CVE-2023-33987.json

{
  "id": "CVE-2023-33987",
  "sourceIdentifier": "cna@sap.com",
  "published": "2023-07-11T03:15:09.450",
  "lastModified": "2024-11-21T08:06:21.403",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which\u00a0may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate\u00a0messages. This can result in the back-end server executing a malicious payload which can be used to read or\u00a0modify information on the server or make it temporarily unavailable.\n\n"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cna@sap.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
          "baseScore": 9.4,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.5
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cna@sap.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B4A7850-377C-4463-A5D7-07F516FBD74A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "950DF1E2-990E-41EF-8779-CEC54C7CDC60"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33D9481-3CF6-4AA3-B115-7903AC6DAE25"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FF2A5B-E5F0-4991-9AA3-7CB3B8C62941"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "677B15E6-09B3-4BA8-8D99-427952335035"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*",
              "matchCriteriaId": "097ED3E8-49B1-497E-BD43-28C397FBEAE8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA093F5F-071D-4FA5-AADA-7E058014AB6E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:hdb_2.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A4A56FB-16CB-4ACA-A961-01F57B1A11F2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "5512FFE8-E10E-48A3-A153-821D1948AB5E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E4BC89-114A-4EA3-A9E8-D956A26BCB18"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A5FFAC-93F9-4204-9FA1-4D749D443173"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0098E57-6A7F-4CC6-8109-E2400E0FFFEB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "87738C45-6B88-4DD4-A4A3-4AD47502679C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7ABB030-9A13-4194-A2A4-9623B2F22D7D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "B994804F-5405-4295-93BF-4F1C5C3CF00C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.89:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB22EAAE-F75C-4902-9734-52B048D5D7B2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D4EFB1-0225-454D-9273-259A4055F482"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64nuc_7.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F634C80-5034-44A2-9F94-69DEDF453998"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2FD99C-D945-4495-97C7-03D6C6BBBE4B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A8CD933-E217-445A-B244-C07625F9EE74"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:sap_extended_app_services_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "216C4CEE-E514-43FB-8819-591AF721E2ED"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:web_dispatcher:xs_advanced_runtime_1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E9D3697-7C80-4629-AE7A-73BDE5C558B2"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://me.sap.com/notes/3233899",
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ]
    },
    {
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://me.sap.com/notes/3233899",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ]
    },
    {
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
Auto-Update: 2023-07-11T06:00:27.058937+00:00 2023-07-11 06:00:30 +00:00			`{`
			`"id": "CVE-2023-33987",`
			`"sourceIdentifier": "cna@sap.com",`
			`"published": "2023-07-11T03:15:09.450",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"lastModified": "2024-11-21T08:06:21.403",`
			`"vulnStatus": "Modified",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
Auto-Update: 2023-07-11T06:00:27.058937+00:00 2023-07-11 06:00:30 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which\u00a0may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate\u00a0messages. This can result in the back-end server executing a malicious payload which can be used to read or\u00a0modify information on the server or make it temporarily unavailable.\n\n"
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
Auto-Update: 2023-07-18T20:00:27.911740+00:00 2023-07-18 20:00:31 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "cna@sap.com",`
			`"type": "Secondary",`
Auto-Update: 2023-07-18T20:00:27.911740+00:00 2023-07-18 20:00:31 +00:00			`"cvssData": {`
			`"version": "3.1",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",`
			`"baseScore": 8.6,`
			`"baseSeverity": "HIGH",`
Auto-Update: 2023-07-18T20:00:27.911740+00:00 2023-07-18 20:00:31 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"scope": "CHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "HIGH"`
Auto-Update: 2023-07-18T20:00:27.911740+00:00 2023-07-18 20:00:31 +00:00			`},`
			`"exploitabilityScore": 3.9,`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"impactScore": 4.0`
Auto-Update: 2023-07-18T20:00:27.911740+00:00 2023-07-18 20:00:31 +00:00			`},`
Auto-Update: 2023-07-11T06:00:27.058937+00:00 2023-07-11 06:00:30 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
Auto-Update: 2023-07-11T06:00:27.058937+00:00 2023-07-11 06:00:30 +00:00			`"cvssData": {`
			`"version": "3.1",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",`
			`"baseScore": 9.4,`
			`"baseSeverity": "CRITICAL",`
Auto-Update: 2023-07-11T06:00:27.058937+00:00 2023-07-11 06:00:30 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "LOW"`
Auto-Update: 2023-07-11T06:00:27.058937+00:00 2023-07-11 06:00:30 +00:00			`},`
			`"exploitabilityScore": 3.9,`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"impactScore": 5.5`
Auto-Update: 2023-07-11T06:00:27.058937+00:00 2023-07-11 06:00:30 +00:00			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "cna@sap.com",`
Auto-Update: 2024-12-15T03:00:19.262894+00:00 2024-12-15 03:03:56 +00:00			`"type": "Primary",`
Auto-Update: 2023-07-11T06:00:27.058937+00:00 2023-07-11 06:00:30 +00:00			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-444"`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-07-18T20:00:27.911740+00:00 2023-07-18 20:00:31 +00:00			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:7.49:::::::*",`
			`"matchCriteriaId": "0B4A7850-377C-4463-A5D7-07F516FBD74A"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:7.53:::::::*",`
			`"matchCriteriaId": "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:7.54:::::::*",`
			`"matchCriteriaId": "950DF1E2-990E-41EF-8779-CEC54C7CDC60"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:7.77:::::::*",`
			`"matchCriteriaId": "E33D9481-3CF6-4AA3-B115-7903AC6DAE25"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:7.81:::::::*",`
			`"matchCriteriaId": "49FF2A5B-E5F0-4991-9AA3-7CB3B8C62941"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:::::::*",`
			`"matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:7.88:::::::*",`
			`"matchCriteriaId": "677B15E6-09B3-4BA8-8D99-427952335035"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:7.89:::::::*",`
			`"matchCriteriaId": "097ED3E8-49B1-497E-BD43-28C397FBEAE8"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:7.90:::::::*",`
			`"matchCriteriaId": "DA093F5F-071D-4FA5-AADA-7E058014AB6E"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:hdb_2.00:::::::*",`
			`"matchCriteriaId": "1A4A56FB-16CB-4ACA-A961-01F57B1A11F2"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.49:::::::*",`
			`"matchCriteriaId": "5512FFE8-E10E-48A3-A153-821D1948AB5E"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.53:::::::*",`
			`"matchCriteriaId": "A7E4BC89-114A-4EA3-A9E8-D956A26BCB18"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.54:::::::*",`
			`"matchCriteriaId": "65A5FFAC-93F9-4204-9FA1-4D749D443173"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.77:::::::*",`
			`"matchCriteriaId": "E0098E57-6A7F-4CC6-8109-E2400E0FFFEB"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.81:::::::*",`
			`"matchCriteriaId": "87738C45-6B88-4DD4-A4A3-4AD47502679C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.85:::::::*",`
			`"matchCriteriaId": "E7ABB030-9A13-4194-A2A4-9623B2F22D7D"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.88:::::::*",`
			`"matchCriteriaId": "B994804F-5405-4295-93BF-4F1C5C3CF00C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.89:::::::*",`
			`"matchCriteriaId": "DB22EAAE-F75C-4902-9734-52B048D5D7B2"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.90:::::::*",`
			`"matchCriteriaId": "E8D4EFB1-0225-454D-9273-259A4055F482"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64nuc_7.49:::::::*",`
			`"matchCriteriaId": "8F634C80-5034-44A2-9F94-69DEDF453998"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.49:::::::*",`
			`"matchCriteriaId": "FB2FD99C-D945-4495-97C7-03D6C6BBBE4B"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.53:::::::*",`
			`"matchCriteriaId": "3A8CD933-E217-445A-B244-C07625F9EE74"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:sap_extended_app_services_1:::::::*",`
			`"matchCriteriaId": "216C4CEE-E514-43FB-8819-591AF721E2ED"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:sap:web_dispatcher:xs_advanced_runtime_1.00:::::::*",`
			`"matchCriteriaId": "7E9D3697-7C80-4629-AE7A-73BDE5C558B2"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-07-11T06:00:27.058937+00:00 2023-07-11 06:00:30 +00:00			`"references": [`
			`{`
			`"url": "https://me.sap.com/notes/3233899",`
Auto-Update: 2023-07-18T20:00:27.911740+00:00 2023-07-18 20:00:31 +00:00			`"source": "cna@sap.com",`
			`"tags": [`
			`"Permissions Required"`
			`]`
Auto-Update: 2023-07-11T06:00:27.058937+00:00 2023-07-11 06:00:30 +00:00			`},`
			`{`
			`"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",`
Auto-Update: 2023-07-18T20:00:27.911740+00:00 2023-07-18 20:00:31 +00:00			`"source": "cna@sap.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`},`
			`{`
			`"url": "https://me.sap.com/notes/3233899",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Permissions Required"`
			`]`
			`},`
			`{`
			`"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-07-11T06:00:27.058937+00:00 2023-07-11 06:00:30 +00:00			`}`
			`]`
			`}`