Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP Web Dispatcher and Internet Communication Manager by SAP_SE

    CVE-2025-0071 (GCVE-0-2025-0071)

    Vulnerability from nvd – Published: 2025-03-11 00:31 – Updated: 2025-03-11 02:18
    VLAI
    Title
    Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager
    Summary
    SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Web Dispatcher and Internet Communication Manager Affected: KRNL64UC 7.53
    Affected: WEBDISP 7.53
    Affected: 7.54
    Affected: 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: KERNEL 7.53
    Affected: 9.14
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0071",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T02:17:43.300783Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T02:18:02.453Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher and Internet Communication Manager",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "9.14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.\u003c/p\u003e"
                }
              ],
              "value": "SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log File",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T00:31:34.767Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3558132"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-0071",
        "datePublished": "2025-03-11T00:31:34.767Z",
        "dateReserved": "2024-12-11T05:05:13.719Z",
        "dateUpdated": "2025-03-11T02:18:02.453Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0071 (GCVE-0-2025-0071)

    Vulnerability from cvelistv5 – Published: 2025-03-11 00:31 – Updated: 2025-03-11 02:18
    VLAI
    Title
    Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager
    Summary
    SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Web Dispatcher and Internet Communication Manager Affected: KRNL64UC 7.53
    Affected: WEBDISP 7.53
    Affected: 7.54
    Affected: 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: KERNEL 7.53
    Affected: 9.14
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0071",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T02:17:43.300783Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T02:18:02.453Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Web Dispatcher and Internet Communication Manager",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "WEBDISP 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "9.14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.\u003c/p\u003e"
                }
              ],
              "value": "SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log File",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T00:31:34.767Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3558132"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-0071",
        "datePublished": "2025-03-11T00:31:34.767Z",
        "dateReserved": "2024-12-11T05:05:13.719Z",
        "dateUpdated": "2025-03-11T02:18:02.453Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }