CVE-2024-22124

Summary

Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver (Internet Communication Manager)KERNEL 7.22affected
SAP_SESAP NetWeaver (Internet Communication Manager)KERNEL 7.53affected
SAP_SESAP NetWeaver (Internet Communication Manager)KERNEL 7.54affected
SAP_SESAP NetWeaver (Internet Communication Manager)KRNL64UC 7.22affected
SAP_SESAP NetWeaver (Internet Communication Manager)KRNL64UC 7.22EXTaffected
SAP_SESAP NetWeaver (Internet Communication Manager)KRNL64UC 7.53affected
SAP_SESAP NetWeaver (Internet Communication Manager)KRNL64NUC 7.22affected
SAP_SESAP NetWeaver (Internet Communication Manager)KRNL64NUC 7.22_EXTaffected
SAP_SESAP NetWeaver (Internet Communication Manager)WEBDISP 7.22_EXTaffected
SAP_SESAP NetWeaver (Internet Communication Manager)WEBDISP 7.53affected
SAP_SESAP NetWeaver (Internet Communication Manager)WEBDISP 7.54affected

Weaknesses

  • CWE-497: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References