OpenCVE

The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Abap Platform Kernel Web Dispatcher

Configuration 1 [-]

OR	cpe:2.3:a:sap:abap_platform_kernel:7.85:::::::*
	cpe:2.3:a:sap:abap_platform_kernel:7.89:::::::*
	cpe:2.3:a:sap:abap_platform_kernel:7.91:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.85:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.89:::::::*

No data.

References

Link	Providers
https://launchpad.support.sap.com/#/notes/3315312
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2023-04-11T02:56:58.666Z

Updated: 2024-08-02T14:00:15.410Z

Reserved: 2023-03-31T10:01:53.359Z

Link: CVE-2023-29108

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-04-11T03:15:07.867

Modified: 2023-04-18T15:31:02.327

Link: CVE-2023-29108

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-29108", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2023-03-31T10:01:53.359Z", "datePublished": "2023-04-11T02:56:58.666Z", "dateUpdated": "2024-08-02T14:00:15.410Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ABAP Platform and SAP Web Dispatcher", "vendor": "SAP", "versions": [{"status": "affected", "version": "WEBDISP 7.85"}, {"status": "affected", "version": "WEBDISP 7.89"}, {"status": "affected", "version": "KERNEL 7.85"}, {"status": "affected", "version": "KERNEL 7.89"}, {"status": "affected", "version": "KERNEL 7.91"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.</p>"}], "value": "The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-923", "description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2023-04-11T02:56:58.666Z"}, "references": [{"url": "https://launchpad.support.sap.com/#/notes/3315312"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "source": {"discovery": "UNKNOWN"}, "title": "IP filter vulnerability in ABAP Platform and SAP Web Dispatcher\t ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:00:15.410Z"}, "title": "CVE Program Container", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3315312", "tags": ["x_transferred"]}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.85:*:*:*:*:*:*:*", "matchCriteriaId": "F6B284F5-7F46-4764-8B24-8D4C88E211B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.89:*:*:*:*:*:*:*", "matchCriteriaId": "5EA6FA84-0C5C-457C-99F1-60D89E6BD13C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.91:*:*:*:*:*:*:*", "matchCriteriaId": "3DD0218F-2104-414D-B0C1-2EFD5A01A602", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*", "matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*", "matchCriteriaId": "097ED3E8-49B1-497E-BD43-28C397FBEAE8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.\n\n"}], "id": "CVE-2023-29108", "lastModified": "2023-04-18T15:31:02.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2023-04-11T03:15:07.867", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/3315312"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-923"}], "source": "cna@sap.com", "type": "Secondary"}]}