CVE-2025-0071 — Log File Information Exposure in SE SAP WEB Dispatcher AND Internet Communication Manager

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 66.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP WEB Dispatcher AND Internet Communication Manager

Timeline

PublishedMar 11

Description

SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages1 packages

▶CVEListV5sap_se/sap_web_dispatcher_and_internet_communication_manager8 versions+7

🔴Vulnerability Details

CVEList

Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager↗2025-03-11

▶

GHSA

GHSA-6r5q-xqrj-8p7f: SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific↗2025-03-11

▶