CVE-2023-29108 MEDIUM

CVE-2023-29108: IP filter vulnerability in ABAP Platform and SAP Web Dispatcher

Vendor Sap
Product ABAP Platform and SAP Web Dispatcher
Weakness CWE-923
Published April 11, 2023
Last update February 12, 2025

CVSS base score

5.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.

Key dates

02Disclosure timeline

April 11, 2023 CVE published
February 12, 2025 Record updated