Preface: In computing, an oops is a serious but non-fatal error in the Linux kernel. An oops may precede a kernel panic, but it may also allow continued operation with compromised reliability.
Background: The Internet Communication Manager ensures that communication between the SAP System (SAP NetWeaver Application Server) and the outside world via HTTP, HTTPS and SMTP protocols works properly. In its role as a server, the ICM can process requests from the Internet that arrive as URLs with the server/port combination that the ICM can listen to. The ICM then calls the relevant local handler for the URL in question.
Vulnerability details:
SAP NetWeaver Application Server for ABAP is affected by NULL pointer dereference vulnerability:
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity. (CVE-2024-47586)
Official announcement: SAP Security Patch Day – December 2024.
Please refer to the link for details – https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2024.html