Home

CVE-2021-33683

Description

SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.086

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-33683 are affected in SAP Web Dispatcher 7.22Windows
Vulnerabilities CVE-2021-33683,CVE-2021-38162,CVE-2022-22536,CVE-2023-33987 are affected in SAP Web Dispatcher 7.49Windows
Multiple Vulnerabilities are affected in SAP Web Dispatcher 7.53Windows
Vulnerabilities CVE-2021-33683 are affected in SAP Web Dispatcher 7.73Windows
Multiple Vulnerabilities are affected in SAP Web Dispatcher 7.77Windows
Multiple Vulnerabilities are affected in SAP Web Dispatcher 7.81Windows
Vulnerabilities CVE-2021-33683 are affected in SAP Web Dispatcher 7.82Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234