CVE-2023-35871: Memory Corruption vulnerability in SAP Web Dispatcher
First published: Tue Jul 11 2023(Updated: )
The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Web Dispatcher | =7.53 | |
| SAP Web Dispatcher | =7.77 | |
| SAP Web Dispatcher | =7.85 | |
| SAP Web Dispatcher | =7.89 | |
| SAP Web Dispatcher | =krnl64uc_7.53 | |
| SAP Web Dispatcher | =kernel_7.53 | |
| SAP Web Dispatcher | =kernel_7.54 | |
| SAP Web Dispatcher | =kernel_7.77 | |
| SAP Web Dispatcher | =kernel_7.85 | |
| SAP Web Dispatcher | =kernel_7.89 | |
| SAP Web Dispatcher | =7.54 | |
| SAP Web Dispatcher | =hdb_2.00 | |
| SAP Web Dispatcher | =xs_advanced_runtime_1.00 | |
| SAP Web Dispatcher | =sap_extended_app_services_1 | |
| SAP Web Dispatcher | =kernel_7.92 | |
| SAP Web Dispatcher | =kernel_7.93 | |
| SAP Web Dispatcher | =7.92 | |
| SAP Web Dispatcher | =7.93 | |
| SAP Web Dispatcher | =7.91 | |
| SAP Web Dispatcher | =kernel_7.91 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-35871?
CVE-2023-35871 has a severity level of critical.
Which versions of SAP Web Dispatcher are affected by CVE-2023-35871?
CVE-2023-35871 affects the following versions of SAP Web Dispatcher: WEBDISP 7.53, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, sap_extended_app_services_1.
How do I fix CVE-2023-35871?
To fix CVE-2023-35871, it is recommended to apply the relevant SAP Security Note as mentioned in the references.
Where can I find more information about CVE-2023-35871?
You can find more information about CVE-2023-35871 in the SAP Security Note (3340735) and the provided SAP document.
What are the Common Weakness Enumeration (CWE) IDs related to CVE-2023-35871?
The Common Weakness Enumeration (CWE) IDs related to CVE-2023-35871 are CWE-787 and CWE-119.
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/sap
- canonical/sap web dispatcher
- version/sap web dispatcher/7.53
- version/sap web dispatcher/7.77
- version/sap web dispatcher/7.85
- version/sap web dispatcher/7.89
- version/sap web dispatcher/krnl64uc_7.53
- version/sap web dispatcher/kernel_7.53
- version/sap web dispatcher/kernel_7.54
- version/sap web dispatcher/kernel_7.77
- version/sap web dispatcher/kernel_7.85
- version/sap web dispatcher/kernel_7.89
- version/sap web dispatcher/7.54
- version/sap web dispatcher/hdb_2.00
- version/sap web dispatcher/xs_advanced_runtime_1.00
- version/sap web dispatcher/sap_extended_app_services_1
- version/sap web dispatcher/kernel_7.92
- version/sap web dispatcher/kernel_7.93
- version/sap web dispatcher/7.92
- version/sap web dispatcher/7.93
- version/sap web dispatcher/7.91
- version/sap web dispatcher/kernel_7.91