CVE-2023-29108

MEDIUM

ABAP Platform/SAP Web Dispatcher <7.91 - Info Disclosure

Title source: llm

Description

The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.

References (2)

Core 2

Core References

Permissions Required

https://launchpad.support.sap.com/#/notes/3315312

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 5.0

EPSS 0.0018

EPSS Percentile 38.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-923

Status published

Products (5)

sap/abap_platform_kernel 7.85

sap/abap_platform_kernel 7.89

sap/abap_platform_kernel 7.91

sap/web_dispatcher 7.85

sap/web_dispatcher 7.89

Published Apr 11, 2023

Tracked Since Feb 18, 2026