CVE-2025-42875 Missing Authentication check in SAP NetWeaver Internet Communication Framework

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

CVE-2025-42935

The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager ICM permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the...

The vulnerability of the SAP Web Dispatcher web dispatcher and the SAP NetWeaver Internet Communication Manager web application servers involves the disclosure of password values in log files, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the SAP Web Dispatcher web dispatcher and the SAP NetWeaver Internet Communication Manager web application servers relates to the disclosure of password values in log files. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized...

The vulnerability of the SAP NetWeaver Internet Communication Manager web application lies in insufficient validation of input data, allowing attackers to trigger service failures.

The vulnerability of the SAP NetWeaver Internet Communication Manager web application exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVE-2020-6304

Improper input validation in SAP NetWeaver Internet Communication Manager update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53 allows an attacker to prevent users from accessing its services through a...