The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Abap_platform_kernel | Sap | 7.85 (including) | 7.85 (including) |
| Abap_platform_kernel | Sap | 7.89 (including) | 7.89 (including) |
| Abap_platform_kernel | Sap | 7.91 (including) | 7.91 (including) |
| Web_dispatcher | Sap | 7.85 (including) | 7.85 (including) |
| Web_dispatcher | Sap | 7.89 (including) | 7.89 (including) |
Attackers might be able to spoof the intended endpoint from a different system or process, thus gaining the same level of access as the intended endpoint. While this issue frequently involves authentication between network-based clients and servers, other types of communication channels and endpoints can have this weakness.