CVSS 3.1 Score 9.4 of 10 (high)


Published Jul 11, 2023
Updated: Aug 14, 2023
CWE ID 787


CVE-2023-35871 is a critical vulnerability in SAP Web Dispatcher versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00 and SAP_EXTENDED_APP_SERVICES1 versions that can lead to memory corruption through logical errors in memory management when exploited by an unauthenticated attacker. This vulnerability can result in information disclosure or system crashes and has a low impact on confidentiality but a high impact on the integrity and availability of the system. The affected products include various SAP components such as sCviz2, sVz1mC, sCviz8, sCviz_, sCviz-, sCviz5,sCviz6,sCvi0E,j6yBpx,j6yBpy,sCvi0H,sCvi0G,sCvi0A,sCvi0C,sCvi0N,sCvi0M,mNlpck,sCvi0I and sCvi0L.The vulnerability is categorized as CWE-787 (Out-of-bounds Write) and has a CVSSv3 base score of9 .4

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-35871 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options