CVE-2023-29108

The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://launchpad.support.sap.com/#/notes/3315312	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:abap_platform_kernel:7.85:::::::*
	cpe:2.3:a:sap:abap_platform_kernel:7.89:::::::*
	cpe:2.3:a:sap:abap_platform_kernel:7.91:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.85:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.89:::::::*

History

18 Apr 2023, 15:31

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-04-11 03:15

Updated : 2024-02-04 23:37

NVD link : CVE-2023-29108

Mitre link : CVE-2023-29108

CVE.ORG link : CVE-2023-29108

JSON object : View

Products Affected

sap

abap_platform_kernel
web_dispatcher

CWE

NVD-CWE-noinfo CWE-923

Improper Restriction of Communication Channel to Intended Endpoints

{"id": "CVE-2023-29108", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}]}, "published": "2023-04-11T03:15:07.867", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3315312", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-923"}]}], "descriptions": [{"lang": "en", "value": "The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.\n\n"}], "lastModified": "2023-04-18T15:31:02.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6B284F5-7F46-4764-8B24-8D4C88E211B8"}, {"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.89:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EA6FA84-0C5C-457C-99F1-60D89E6BD13C"}, {"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.91:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DD0218F-2104-414D-B0C1-2EFD5A01A602"}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2"}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "097ED3E8-49B1-497E-BD43-28C397FBEAE8"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}