{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T22:28:01.326","vulnerabilities":[{"cve":{"id":"CVE-2021-38162","sourceIdentifier":"cna@sap.com","published":"2021-09-14T12:15:10.740","lastModified":"2026-02-24T18:22:12.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a maliciously crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify any information on the server or consume server resources making it temporarily unavailable."},{"lang":"es","value":"SAP Web Dispatcher versiones - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 unos procesos permiten a un atacante no autenticado enviar una petición maliciosa diseñada a través de una red a un servidor front-end que puede, a lo largo de varios intentos, hacer que un servidor back-end confunda los límites de los mensajes maliciosos y legítimos. 
Esto puede resultar en que el servidor back-end ejecutar una carga útil maliciosa que puede ser usada para leer o modificar cualquier información en el servidor o consumir recursos del servidor haciéndolo temporalmente no disponible"}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*","matchCriter
iaId":"D3F76E6A-2F27-450C-AAB5-E49A64079CAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:web_dispatcher:7.49:*:*:*:*:*:*:*","matchCriteriaId":"0B4A7850-377C-4463-A5D7-07F516FBD74A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*","matchCriteriaId":"47D4D542-2EC2-490B-B4E9-3E7BB8D59B77"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*","matchCriteriaId":"E33D9481-3CF6-4AA3-B115-7903AC6DAE25"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:web_dispatcher:7.81:*:*:*:*:*:*:*","matchCriteriaId":"49FF2A5B-E5F0-4991-9AA3-7CB3B8C62941"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:web_dispatcher:7.83:*:*:*:*:*:*:*","matchCriteriaId":"65F95ED3-AE34-43A2-AD57-8E0913DDF1D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:web_dispatcher:kernel_7.22:*:*:*:*:*:*:*","matchCriteriaId":"A2E1A535-8362-454E-AC22-85C4E957CCF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:web_dispatcher:krnl64nuc_7.22:*:*:*:*:*:*:*","matchCriteriaId":"3CA8BFCF-0A55-4DEE-B426-1DEF04DA0464"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.22:*:*:*:*:*:*:*","matchCriteriaId":"52C58E1D-8A91-451C-A1E1-85BE336DC763"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/166964/SAP-Web-Dispatcher-HTTP-Request-Smuggling.html","source":"cna@sap.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2022/May/3","source":"cna@sap.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/3080567","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/166964/SAP-Web-Dispatcher-HTTP-Request-Smuggling.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://seclists.org/fulldisclosure/2022/May/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/3080567","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}