8.2

CVE-2025-42878


Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality and availability and a low impact on integrity of the application.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: SAP_SE
Product: SAP Web Dispatcher and Internet Communication Manager (ICM)
Default status: unaffected
Version KRNL64NUC 7.22: affected
Version 7.22EXT: affected
Version KRNL64UC 7.22: affected
Version 7.53: affected
Version WEBDISP 7.22_EXT: affected
Version 7.54: affected
Version 7.77: affected
Version 7.89: affected
Version 7.93: affected
Version 9.16: affected
Version KERNEL 7.22: affected
No warning was found for this CVE.
EPSS metrics
Type: EPSS
Source: FIRST.org
Score: 0.08%
Percentile: 0.237

CVSS metrics
Source: cna@sap.com
Base Score: 8.2
Exploit Score: 1.6
Impact Score: 6
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H

CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.