CVE-2025-0071

SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3558132
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) SAP Web Dispatcher e Internet Communication Manager permiten a un atacante con privilegios administrativos habilitar el modo de seguimiento de depuración con un valor de parámetro específico. Esto expone contraseñas no cifradas en los registros, lo que provoca un gran impacto en la confidencialidad de la aplicación. No hay impacto en la integridad ni en la disponibilidad.

11 Mar 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-11 01:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-0071

Mitre link : CVE-2025-0071

CVE.ORG link : CVE-2025-0071

JSON object : View

Products Affected

No product.

CWE

CWE-532

Insertion of Sensitive Information into Log File

4.9 /10