CVE-2025-42878
- EPSS 0.06%
- Veröffentlicht 09.12.2025 02:14:59
- Zuletzt bearbeitet 09.12.2025 18:36:53
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has...
CVE-2025-42877
- EPSS 0.08%
- Veröffentlicht 09.12.2025 02:14:51
- Zuletzt bearbeitet 09.12.2025 18:36:53
SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on...
CVE-2025-0071
- EPSS 0.11%
- Veröffentlicht 11.03.2025 01:15:33
- Zuletzt bearbeitet 11.03.2025 01:15:33
SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confid...
CVE-2022-27656
- EPSS 0.34%
- Veröffentlicht 11.05.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 06:56:06
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.