Vulnerability Description
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Web Dispatcher | 7.8_kernel_7.21 |
| Sap | Internet Communication Manager | 7.21ext |
Related Weaknesses (CWE)
References
- https://launchpad.support.sap.com/#/notes/3000663Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506Vendor Advisory
- https://launchpad.support.sap.com/#/notes/3000663Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506Vendor Advisory
FAQ
What is CVE-2021-33683?
CVE-2021-33683 is a vulnerability with a CVSS score of 4.3 (MEDIUM). SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRN...
How severe is CVE-2021-33683?
CVE-2021-33683 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33683?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Web Dispatcher, Sap Internet Communication Manager.