CVE-2025-42878

Medienbericht

EPSS 0.06%
Veröffentlicht 09.12.2025 02:14:59
Zuletzt bearbeitet 09.12.2025 18:36:53
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability and low impact on integrity and of the application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSAP_SE

≫

Produkt SAP Web Dispatcher and Internet Communication Manager (ICM)

Default Statusunaffected

Version KRNL64NUC 7.22

Status affected

Version 7.22EXT

Status affected

Version KRNL64UC 7.22

Status affected

Version 7.53

Status affected

Version WEBDISP 7.22_EXT

Status affected

Version 7.54

Status affected

Version 7.77

Status affected

Version 7.89

Status affected

Version 7.93

Status affected

Version 9.16

Status affected

Version KERNEL 7.22

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.176

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	8.2	1.6	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H

CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

https://www.heise.de/news/SAP-Patchday-14-Sicherheitswarnungen-zum-Jahresende-11107757.html

Medienbericht

heise Security

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3684682

https://nvd.nist.gov/vuln/detail/CVE-2025-42878

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-42878

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-42878

EUVD