Description
The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- SAP / ABAP Platform and SAP Web DispatcherWEBDISP 7.85 – WEBDISP 7.85
- SAP / ABAP Platform and SAP Web DispatcherWEBDISP 7.89 – WEBDISP 7.89
- SAP / ABAP Platform and SAP Web DispatcherKERNEL 7.85 – KERNEL 7.85
- SAP / ABAP Platform and SAP Web DispatcherKERNEL 7.89 – KERNEL 7.89
- SAP / ABAP Platform and SAP Web DispatcherKERNEL 7.91 – KERNEL 7.91