CVE-2025-0071

Summary

SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Web Dispatcher and Internet Communication ManagerKRNL64UC 7.53affected
SAP_SESAP Web Dispatcher and Internet Communication ManagerWEBDISP 7.53affected
SAP_SESAP Web Dispatcher and Internet Communication Manager7.54affected
SAP_SESAP Web Dispatcher and Internet Communication Manager7.77affected
SAP_SESAP Web Dispatcher and Internet Communication Manager7.89affected
SAP_SESAP Web Dispatcher and Internet Communication Manager7.93affected
SAP_SESAP Web Dispatcher and Internet Communication ManagerKERNEL 7.53affected
SAP_SESAP Web Dispatcher and Internet Communication Manager9.14affected

Weaknesses

  • CWE-532: CWE-532: Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References