Description
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on the confidentiality and availability of the application and a low impact on its integrity.
References (2)
Core References
Vendor Advisory
https://me.sap.com/notes/3684682
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
8.2
EPSS
0.0010
EPSS Percentile
26.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-1244
Status
published
Products (11)
SAP_SE/SAP Web Dispatcher and Internet Communication Manager (ICM)
7.22EXT
SAP_SE/SAP Web Dispatcher and Internet Communication Manager (ICM)
7.53
SAP_SE/SAP Web Dispatcher and Internet Communication Manager (ICM)
7.54
SAP_SE/SAP Web Dispatcher and Internet Communication Manager (ICM)
7.77
SAP_SE/SAP Web Dispatcher and Internet Communication Manager (ICM)
7.89
SAP_SE/SAP Web Dispatcher and Internet Communication Manager (ICM)
7.93
SAP_SE/SAP Web Dispatcher and Internet Communication Manager (ICM)
9.16
SAP_SE/SAP Web Dispatcher and Internet Communication Manager (ICM)
KERNEL 7.22
SAP_SE/SAP Web Dispatcher and Internet Communication Manager (ICM)
KRNL64NUC 7.22
SAP_SE/SAP Web Dispatcher and Internet Communication Manager (ICM)
KRNL64UC 7.22
... and 1 more
Published
Dec 09, 2025
Tracked Since
Feb 18, 2026