Primary

Context

SAP Web Dispatcher and Internet Communication Manager Password Exposure Vulnerability

Vulnerability

A vulnerability exists in SAP Web Dispatcher and Internet Communication Manager that allows an attacker with administrative privileges to activate a debugging trace mode. This mode, when combined with a specific parameter value, reveals unencrypted passwords in the logs, thereby significantly compromising the application's confidentiality. However, there is no impact on the integrity or availability of the application.

Impact

Exposing unencrypted passwords in the logs, leading to a high confidentiality risk.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability, available through the SAP Security Patch Day Bulletin. For guidance on accessing and applying SAP Security Notes, refer to the SAP Security Notes FAQs.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP Web Dispatcher and Internet Communication Manager Password Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

SAP Web Dispatcher

SAP Internet Communication Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating