CVE-2025-42877
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: SAP SE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | internet_communication_manager | 3.1 |
| sap | content_server | 3.1 |
| sap | web_dispatcher | 3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server, where an unauthenticated user can exploit logical errors leading to memory corruption. This memory corruption can cause significant disruption to the availability of the affected applications.
How can this vulnerability impact me?
The vulnerability can severely impact the availability of the affected SAP components, potentially causing service outages or denial of service. However, it does not affect the confidentiality or integrity of the application or its data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability impacts the availability of the application but does not affect confidentiality or integrity. Since standards like GDPR and HIPAA emphasize the protection of personal data confidentiality and integrity, this vulnerability does not directly compromise those aspects. However, the availability impact could affect service continuity, which may have indirect compliance implications depending on the specific regulatory requirements for uptime and service availability.