Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP Web Dispatcher, Internet Communication Manager and SAP Content Server by SAP_SE

    CVE-2025-42877 (GCVE-0-2025-42877)

    Vulnerability from nvd – Published: 2025-12-09 02:14 – Updated: 2025-12-09 16:02
    VLAI
    Title
    Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server
    Summary
    SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Web Dispatcher, Internet Communication Manager and SAP Content Server Affected: KRNL64UC 7.53
    Affected: WEBDISP 7.53
    Affected: 7.54
    Affected: XS_ADVANCED_RUNTIME 1.00
    Affected: SAP_EXTENDED_APP_SERVICES 1
    Affected: CONTSERV 7.53
    Affected: KERNEL 7.53
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-42877",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:23:31.355953Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T16:02:24.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher, Internet Communication Manager and SAP Content Server",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "XS_ADVANCED_RUNTIME 1.00"
                },
                {
                  "status": "affected",
                  "version": "SAP_EXTENDED_APP_SERVICES 1"
                },
                {
                  "status": "affected",
                  "version": "CONTSERV 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-09T02:14:51.103Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3677544"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-42877",
        "datePublished": "2025-12-09T02:14:51.103Z",
        "dateReserved": "2025-04-16T13:25:17.023Z",
        "dateUpdated": "2025-12-09T16:02:24.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-42877 (GCVE-0-2025-42877)

    Vulnerability from cvelistv5 – Published: 2025-12-09 02:14 – Updated: 2025-12-09 16:02
    VLAI
    Title
    Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server
    Summary
    SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Web Dispatcher, Internet Communication Manager and SAP Content Server Affected: KRNL64UC 7.53
    Affected: WEBDISP 7.53
    Affected: 7.54
    Affected: XS_ADVANCED_RUNTIME 1.00
    Affected: SAP_EXTENDED_APP_SERVICES 1
    Affected: CONTSERV 7.53
    Affected: KERNEL 7.53
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-42877",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-09T14:23:31.355953Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-09T16:02:24.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher, Internet Communication Manager and SAP Content Server",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "XS_ADVANCED_RUNTIME 1.00"
                },
                {
                  "status": "affected",
                  "version": "SAP_EXTENDED_APP_SERVICES 1"
                },
                {
                  "status": "affected",
                  "version": "CONTSERV 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-09T02:14:51.103Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3677544"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-42877",
        "datePublished": "2025-12-09T02:14:51.103Z",
        "dateReserved": "2025-04-16T13:25:17.023Z",
        "dateUpdated": "2025-12-09T16:02:24.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }