CVE-2023-35871 Vulnerability Details

  /     /     /  

CVE-2023-35871 Metadata Quick Info

CVE Published: 11/07/2023 | CVE Updated: 23/10/2024 | CVE Year: 2023
Source: sap | Vendor: SAP_SE | Product: SAP Web Dispatcher
Status : PUBLISHED

---

CVE-2023-35871 Description

The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.

Metrics

CVSS Version: 3.1 | Base Score: 7.7 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-787
CWE Name: CWE-787 Out-of-bounds Write
Source: SAP_SE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).