CVE-2023-29108

Summary

The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.

Affected Software

VendorProductVersion RangeStatus
SAPABAP Platform and SAP Web DispatcherWEBDISP 7.85affected
SAPABAP Platform and SAP Web DispatcherWEBDISP 7.89affected
SAPABAP Platform and SAP Web DispatcherKERNEL 7.85affected
SAPABAP Platform and SAP Web DispatcherKERNEL 7.89affected
SAPABAP Platform and SAP Web DispatcherKERNEL 7.91affected

Weaknesses

  • CWE-923: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References