Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication...

8.2 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H

Description

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability and low impact on integrity and of the application.

Basic Information

ID CVE-2025-42878

Source sap

Published Dec 9, 2025 at 02:14

Affected Product

Vendor SAP_SE

Product SAP Web Dispatcher and Internet Communication Manager (ICM)

Version KRNL64NUC 7.22

Affected Versions SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) KRNL64NUC 7.22
SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.22EXT
SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) KRNL64UC 7.22
SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.53
SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) WEBDISP 7.22_EXT
SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.54
SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.77
SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.89
SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.93
SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 9.16
SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) KERNEL 7.22

CWE Classification

CWE-1244

References

{
    "lastseen": "",
    "description": "SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability and low impact on integrity and of the application.",
    "published": "2025-12-09T02:14:59.636Z",
    "modified": "2025-12-09T02:14:59.636Z",
    "type": "cve",
    "title": "Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3684682\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42878",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1244"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) KRNL64NUC 7.22\nSAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.22EXT\nSAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) KRNL64UC 7.22\nSAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.53\nSAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) WEBDISP 7.22_EXT\nSAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.54\nSAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.77\nSAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.89\nSAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 7.93\nSAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) 9.16\nSAP_SE SAP Web Dispatcher and Internet Communication Manager (ICM) KERNEL 7.22",
    "sourceHref": "",
    "cvss": {
        "score": 8.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Web Dispatcher and Internet Communication Manager (ICM)",
    "version": "KRNL64NUC 7.22",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)_CVE-2025-42878