While the SAP Web Dispatcher provides dispatching and performance load balancing capabilities, it shares the same code basis with the SAP ICM. This means that both components may share the same vulnerabilities.
Worthless to emphasizing – It is not a good practice to only rely on the security patches, but having no process in place, that ensures timely installation of issued correction e.g. via the SAP Security Patch Day, can lead to a security disaster. SAP customers need to sift through their installed base, to identify components that need to be patched, this is particularly important for components like the SAP Internet Communication Manager (ICM) that expose services to untrusted networks like the internet.