PT-2021-22902 · Sap · Sap Internet Communication Framework

Published: 2021-10-12 · Updated: 2022-10-06 · CVE-2021-40496

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SAP Internet Communication Framework (ICM) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785

Description: The issue allows an attacker with logon access to abuse the authentication function. This is done by sending a POST request with form fields that repeats the execution of the command initially issued via a GET request, potentially exposing sensitive data. The issue is normally exposed over the network, and successful exploitation can lead to the disclosure of data such as system details.

Recommendations: For SAP Internet Communication Framework (ICM) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, consider restricting access to the authentication function to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of POST requests with form fields to prevent the repetition of initial commands. Restrict network exposure of the SAP Internet Communication Framework (ICM) to reduce the risk of sensitive data exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Exposure of Resource to Wrong Sphere

Related Identifiers: CVE-2021-40496

Affected Products: Sap Internet Communication Framework