CVE-2023-35871

Summary

CVE-2023-35871 is a critical vulnerability in SAP Web Dispatcher versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00 and SAP_EXTENDED_APP_SERVICES1 versions that can lead to memory corruption through logical errors in memory management when exploited by an unauthenticated attacker. This vulnerability can result in information disclosure or system crashes and has a low impact on confidentiality but a high impact on the integrity and availability of the system. The affected products include various SAP components such as sCviz2, sVz1mC, sCviz8, sCviz_, sCviz-, sCviz5,sCviz6,sCvi0E,j6yBpx,j6yBpy,sCvi0H,sCvi0G,sCvi0A,sCvi0C,sCvi0N,sCvi0M,mNlpck,sCvi0I and sCvi0L.The vulnerability is categorized as CWE-787 (Out-of-bounds Write) and has a CVSSv3 base score of9 .4

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.