Information disclosure in SAP products - CVE-2025-0071
Published: March 11, 2025
Vulnerability identifier: #VU105503
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-0071
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: SAP
Affected software:
SAP Web Dispatcher WEBDISP
Internet Communication Manager (ICM) KRNL64UC
SAP Web Dispatcher Kernel
Detailed vulnerability description
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote privileged user can gain unauthorized access to sensitive information on the system.
How to mitigate CVE-2025-0071
Install updates from the vendor's website.