PT-2025-49768 · Sap · Sap Web Dispatcher+1
Published
2025-12-09
·
Updated
2025-12-09
·
CVE-2025-42878
CVSS v3.1
8.2
High
| Vector | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
SAP Web Dispatcher and ICM (affected versions not specified)
Description
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production use. If these interfaces are enabled, unauthenticated attackers could potentially exploit them to access diagnostics, send crafted requests, or disrupt services. The issue has a high impact on confidentiality and availability, and a low impact on integrity.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Unsafe Debug Access Level
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Icm
Sap Web Dispatcher