CVE-2025-0071 Information

Description

SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Reference

https://me.sap.com/notes/3558132
https://url.sap/sapsecuritypatchday

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

4.9

Base Severity

MEDIUM
