Impact
A flaw in the HTTP request parsing of SAP Approuter enables an unauthenticated attacker to send a specially crafted request that causes request‑response desynchronization. This smuggling can expose private user responses and disrupt normal operation, leading to significant loss of confidentiality and availability for systems using the router.
Affected Systems
The vulnerability affects SAP Approuter components provided by SAP SE. No specific version range is defined in the advisory.
Risk and Exploitability
The flaw carries a CVSS score of 9.1, indicating a very high severity. Exploitation is possible over the network using standard HTTP, requiring no authentication. EPSS information is missing, and the issue is not listed in CISA KEV, so active exploitation risk depends on the deployment of unauthenticated interfaces.
OpenCVE Enrichment