CVE-2025-42878

Summary

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability and low impact on integrity and of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)KRNL64NUC 7.22affected
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)7.22EXTaffected
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)KRNL64UC 7.22affected
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)7.53affected
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)WEBDISP 7.22_EXTaffected
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)7.54affected
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)7.77affected
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)7.89affected
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)7.93affected
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)9.16affected
SAP_SESAP Web Dispatcher and Internet Communication Manager (ICM)KERNEL 7.22affected

Weaknesses

  • CWE-1244: CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References