CVE-2025-42878
8.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H
Summary
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability and low impact on integrity and of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | KRNL64NUC 7.22 | affected |
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | 7.22EXT | affected |
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | KRNL64UC 7.22 | affected |
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | 7.53 | affected |
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | WEBDISP 7.22_EXT | affected |
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | 7.54 | affected |
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | 7.77 | affected |
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | 7.89 | affected |
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | 7.93 | affected |
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | 9.16 | affected |
| SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | KERNEL 7.22 | affected |
Weaknesses
- CWE-1244: CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.