CVE-2021-33683 Information

Jun 07, 2022 cve

Description

SAP Web Dispatcher and Internet Communication Manager (ICM) versions - KRNL32NUC 7.21 7.21EXT 7.22 7.22EXT KRNL32UC 7.21 7.21EXT 7.22 7.22EXT KRNL64NUC 7.21 7.21EXT 7.22 7.22EXT 7.49 KRNL64UC 7.21 7.21EXT 7.22 7.22EXT 7.49 7.53 7.73 WEBDISP 7.53 7.73 7.77 7.81 7.82 7.83 KERNEL 7.21 7.22 7.49 7.53 7.73 7.77 7.81 7.82 7.83 process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection divert sensitive data such as customer requests session credentials etc.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Reference

https://launchpad.support.sap.com/#/notes/3000663 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3

Share on: